
Damn - Nailed by Cryptowall 3.0


  • This topic is locked
22 replies to this topic

#1 ddiamond


Posted 11 February 2015 - 10:37 PM

Ouch - this is a nasty piece of work - Thanking you in advance!!!

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Matthew (administrator) on MATTS_LAPTOP on 11-02-2015 20:45:40
Running from C:\Users\Matthew\Desktop
Loaded Profiles: Matthew (Available profiles: Matthew)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell, Inc.) C:\Program Files (x86)\System Registration\prodreg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
() C:\Users\Matthew\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe
(Dell) C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [Google Update] => C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [iLivid] => "C:\Users\Matthew\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [MSConfig] => C:\Users\Matthew\mvsbtsej.exe [32583680 2015-01-29] (Kaeria VeryLink)
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [GoogleUpdate] => C:\Users\Matthew\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [95744 2015-01-29] ()
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [DellSystemDetect] => C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-21] (Dell)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/mNY5e3
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2633815232-960237094-2566872554-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={846B72F0-B606-4B87-B1CE-B2230B91B2F4}&mid=2ea85e35681b47d29d6eb513424dc2a0-f9fa48c89fba8a9bb59a148b5b9bff7e8483e5ba&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-09-06 16:02:27&v=18.1.9.786&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2633815232-960237094-2566872554-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: The Amazon 1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\AmazonAppIE.dll (Amazon Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Matthew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @talk.google.com/O1DPlugin -> C:\Users\Matthew\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-06]

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn [2014-08-04]
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2014-05-12]
CHR Extension: (Hangouts) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-11]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-24] (WildTangent)
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:43 - 2015-02-11 20:43 - 00000000 ___RD () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-11 20:30 - 2015-02-11 20:30 - 00000000 ____D () C:\Users\Matthew\Desktop\FRST-OlderVersion
2015-01-30 21:49 - 2015-01-30 21:49 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 21:49 - 2015-01-30 21:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 21:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-30 21:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-30 21:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-30 21:48 - 2015-01-30 21:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthew\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-30 19:01 - 2015-01-30 19:03 - 00036920 _____ () C:\Users\Matthew\Desktop\Addition.txt
2015-01-30 18:58 - 2015-02-11 20:45 - 00024657 _____ () C:\Users\Matthew\Desktop\FRST.txt
2015-01-30 18:58 - 2015-02-11 20:45 - 00000000 ____D () C:\FRST
2015-01-30 18:57 - 2015-02-11 20:30 - 02134016 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
2015-01-30 18:41 - 2015-01-30 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Matthew\HELP_DECRYPT.HTML
2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.HTML
2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Matthew\HELP_DECRYPT.TXT
2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.TXT
2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Matthew\HELP_DECRYPT.URL
2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.URL
2015-01-29 13:05 - 2015-01-24 20:59 - 00009504 _____ () C:\Users\Matthew\Documents\potential%20guests.odt_0.odt
2015-01-29 10:32 - 2015-01-29 10:32 - 00008528 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.HTML
2015-01-29 10:32 - 2015-01-29 10:32 - 00004204 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.TXT
2015-01-29 10:32 - 2015-01-29 10:32 - 00000272 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.URL
2015-01-29 10:24 - 2015-01-29 10:24 - 00008528 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.HTML
2015-01-29 10:24 - 2015-01-29 10:24 - 00004204 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.TXT
2015-01-29 10:24 - 2015-01-29 10:24 - 00000272 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.URL
2015-01-29 10:18 - 2015-01-29 10:18 - 00008528 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-29 10:18 - 2015-01-29 10:18 - 00008528 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.HTML
2015-01-29 10:18 - 2015-01-29 10:18 - 00004204 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-29 10:18 - 2015-01-29 10:18 - 00004204 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.TXT
2015-01-29 10:18 - 2015-01-29 10:18 - 00000272 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.URL
2015-01-29 10:18 - 2015-01-29 10:18 - 00000272 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.URL
2015-01-29 10:17 - 2015-01-29 10:17 - 00008528 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.HTML
2015-01-29 10:17 - 2015-01-29 10:17 - 00004204 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.TXT
2015-01-29 10:17 - 2015-01-29 10:17 - 00000272 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.URL
2015-01-29 10:16 - 2015-01-29 10:16 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-29 10:16 - 2015-01-29 10:16 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-29 10:16 - 2015-01-29 10:16 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-29 10:11 - 2015-02-11 20:43 - 00000648 _____ () C:\ProgramData\@system.temp
2015-01-29 10:11 - 2015-02-11 20:43 - 00000384 ____H () C:\ProgramData\@system3.att
2015-01-29 10:11 - 2015-01-29 10:11 - 00000480 ____H () C:\Users\Matthew\AppData\Roaming\麽鎒駓覜
2015-01-29 10:10 - 2015-01-29 10:10 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\FrameworkUpdate
2015-01-29 08:59 - 2015-02-11 20:42 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-01-29 08:59 - 2015-01-29 08:59 - 32583680 ____H (Kaeria VeryLink) C:\Users\Matthew\mvsbtsej.exe
2015-01-29 08:59 - 2015-01-29 08:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-22 15:13 - 2015-01-22 15:13 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Mozilla
2015-01-21 18:09 - 2015-01-21 18:09 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-21 18:08 - 2015-01-21 18:10 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Deployment
2015-01-14 10:08 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 10:08 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 10:08 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 10:08 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 10:08 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 10:08 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 10:08 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 10:08 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 10:08 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 10:08 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 10:08 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 10:08 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 10:08 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 10:08 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 10:08 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 10:08 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 10:08 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 10:08 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 10:08 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 10:08 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 10:08 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 10:08 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 10:08 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 10:06 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 10:06 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 10:06 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 10:06 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 10:05 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 10:05 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 10:05 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 10:05 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 17:18 - 2015-01-13 17:18 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Disney Interactive
2015-01-13 16:56 - 2015-01-13 16:56 - 00002321 _____ () C:\Users\Public\Desktop\Disney Infinity 2.0.lnk
2015-01-13 16:56 - 2015-01-13 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive
2015-01-13 16:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-01-13 16:55 - 2015-01-13 16:55 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
2015-01-12 21:43 - 2015-01-12 21:43 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:48 - 2014-05-13 21:06 - 00000000 __RDO () C:\Users\Matthew\OneDrive
2015-02-11 20:47 - 2013-12-28 14:16 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2633815232-960237094-2566872554-1001
2015-02-11 20:45 - 2013-11-06 13:25 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-11 20:43 - 2014-01-15 22:19 - 00493056 ___SH () C:\Users\Matthew\Desktop\Thumbs.db
2015-02-11 20:42 - 2014-05-13 19:46 - 00000000 ____D () C:\Users\Matthew
2015-02-11 20:42 - 2014-01-11 18:26 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 20:41 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-11 20:40 - 2014-03-18 03:54 - 00020608 _____ () C:\WINDOWS\PFRO.log
2015-02-11 20:40 - 2013-08-22 08:46 - 00311696 _____ () C:\WINDOWS\setupact.log
2015-02-11 20:40 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 20:29 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-30 22:12 - 2014-01-11 18:30 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001UA.job
2015-01-30 22:06 - 2014-01-11 18:26 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 22:01 - 2014-03-27 12:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 21:45 - 2014-05-13 20:06 - 01806495 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-30 18:32 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-30 16:48 - 2014-03-18 04:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-30 14:18 - 2014-01-11 18:30 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001Core.job
2015-01-29 19:08 - 2014-01-11 18:26 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 18:14 - 2014-03-21 13:49 - 00003612 _____ () C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2633815232-960237094-2566872554-1001
2015-01-29 14:53 - 2014-04-16 15:13 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 13:50 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-29 13:05 - 2014-03-03 17:38 - 00000000 ____D () C:\Users\Matthew\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2015-01-29 10:23 - 2014-09-18 15:09 - 00000000 ____D () C:\Users\Matthew\Documents\Outlook Files
2015-01-29 10:23 - 2014-06-19 17:05 - 00000000 ____D () C:\Users\Matthew\Documents\LDW
2015-01-29 10:23 - 2014-04-16 15:10 - 00000000 ____D () C:\Users\Matthew\Documents\CyberLink
2015-01-29 10:18 - 2014-03-03 19:54 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\OpenOffice
2015-01-29 10:17 - 2014-08-04 14:48 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Torch
2015-01-29 10:17 - 2014-03-27 15:38 - 00000000 ____D () C:\Users\Matthew\AppData\Local\webkit
2015-01-29 10:17 - 2014-01-11 18:26 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Google
2015-01-29 10:17 - 2013-12-28 14:07 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Adobe
2015-01-29 10:16 - 2014-08-24 18:39 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Amazon
2015-01-29 10:16 - 2014-08-10 22:19 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CyberLink
2015-01-29 10:16 - 2014-03-25 16:31 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Apple Computer
2015-01-29 08:59 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-01-27 08:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-27 07:59 - 2014-01-02 18:36 - 00752128 ___SH () C:\Users\Matthew\Downloads\Thumbs.db
2015-01-25 17:17 - 2014-12-22 14:38 - 00000000 ____D () C:\Users\Matthew\AppData\Local\PackageStaging
2015-01-25 17:17 - 2013-12-28 14:06 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Packages
2015-01-24 14:20 - 2014-09-13 14:19 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 14:20 - 2014-09-13 14:19 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 22:57 - 2014-10-02 13:35 - 00023120 _____ () C:\Users\Matthew\Documents\additional clara, snow queen, doll cabinet scenes..odt
2015-01-22 10:31 - 2014-01-01 16:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-22 10:24 - 2014-01-01 16:04 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-21 17:16 - 2013-11-06 13:16 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-13 17:35 - 2014-01-03 13:40 - 00000000 ____D () C:\ProgramData\softthinks
2015-01-13 17:26 - 2013-08-22 08:44 - 00539920 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-13 16:56 - 2013-11-06 13:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-01-29 10:18 - 2015-01-29 10:18 - 0008528 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-29 10:18 - 2015-01-29 10:18 - 0045552 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-29 10:18 - 2015-01-29 10:18 - 0004204 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-29 10:18 - 2015-01-29 10:18 - 0000272 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.URL
2014-05-21 11:43 - 2014-05-21 11:43 - 0000000 _____ () C:\Users\Matthew\AppData\Roaming\pdfperformer
2015-01-29 10:11 - 2015-01-29 10:11 - 0000480 ____H () C:\Users\Matthew\AppData\Roaming\麽鎒駓覜
2015-01-29 10:17 - 2015-01-29 10:17 - 0008528 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.HTML
2015-01-29 10:17 - 2015-01-29 10:17 - 0045552 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.PNG
2015-01-29 10:17 - 2015-01-29 10:17 - 0004204 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.TXT
2015-01-29 10:17 - 2015-01-29 10:17 - 0000272 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.URL
2015-01-01 22:47 - 2015-01-01 22:47 - 0003297 _____ () C:\Users\Matthew\AppData\Local\recently-used.xbel
2014-09-17 10:42 - 2014-09-17 10:42 - 0000000 _____ () C:\Users\Matthew\AppData\Local\{A06A6970-5029-440A-A3ED-E3AB31FFC288}
2015-01-29 10:11 - 2015-02-11 20:43 - 0000648 _____ () C:\ProgramData\@system.temp
2015-01-29 10:11 - 2015-02-11 20:43 - 0000384 ____H () C:\ProgramData\@system3.att
2015-01-29 10:16 - 2015-01-29 10:16 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-29 10:16 - 2015-01-29 10:16 - 0045552 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-29 10:16 - 2015-01-29 10:16 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-29 10:16 - 2015-01-29 10:16 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2013-11-06 13:24 - 2013-11-06 13:24 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-06 13:19 - 2013-11-06 13:20 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-06 13:20 - 2013-11-06 13:22 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-06 13:18 - 2013-11-06 13:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-06 13:22 - 2013-11-06 13:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Users\Matthew\mvsbtsej.exe

Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\Matthew\AppData\Local\Temp\28B5.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\2AB9.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\BackupSetup.exe
C:\Users\Matthew\AppData\Local\Temp\bdfilters.dll
C:\Users\Matthew\AppData\Local\Temp\BEA6.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\BF92.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\CloudBackup7357.exe
C:\Users\Matthew\AppData\Local\Temp\DB9C.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\DBC8.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\DC46.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\DCF4.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\oi_{285EF0BF-BE5F-4B35-9E9F-C55579395527}.exe
C:\Users\Matthew\AppData\Local\Temp\safeguard.exe
C:\Users\Matthew\AppData\Local\Temp\uM1X.dll
C:\Users\Matthew\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Matthew\AppData\Local\Temp\update.exe
C:\Users\Matthew\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 16:46

==================== End Of Log ============================


#2 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 15 February 2015 - 12:12 AM

Hello ddiamond, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page.

======================================================
 
This machine is in quite a mess. Please be aware that recovery of files encrypted by CryptoWall 3.0 may not be possible I'm afraid. There are options we can explore, but no guarantees.

 

Do you have a backup of files encrypted?
 
---------
 
Please ensure your Anti-Virus and Firewall are enabled before proceeding. 

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date)
FW: McAfee Firewall (Disabled)

 
Did you install this programme? UPDF 
 
---------

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [iLivid] => "C:\Users\Matthew\AppData\Local\iLivid\iLivid.exe" -autorun
    HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [MSConfig] => C:\Users\Matthew\mvsbtsej.exe [32583680 2015-01-29] (Kaeria VeryLink)
    C:\Users\Matthew\AppData\Local\iLivid
    HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [GoogleUpdate] => C:\Users\Matthew\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [95744 2015-01-29] ()
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
    Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
    Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
    InternetURL: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/mNY5e3
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633815232-960237094-2566872554-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={846B72F0-B606-4B87-B1CE-B2230B91B2F4}&mid=2ea85e35681b47d29d6eb513424dc2a0-f9fa48c89fba8a9bb59a148b5b9bff7e8483e5ba&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-09-06 16:02:27&v=18.1.9.786&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2633815232-960237094-2566872554-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Extension: (Ask Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
    2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Public\HELP_DECRYPT.HTML
    2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Matthew\HELP_DECRYPT.HTML
    2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.HTML
    2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Public\HELP_DECRYPT.TXT
    2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Matthew\HELP_DECRYPT.TXT
    2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.TXT
    2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Public\HELP_DECRYPT.URL
    2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Matthew\HELP_DECRYPT.URL
    2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.URL
    2015-01-29 10:32 - 2015-01-29 10:32 - 00008528 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.HTML
    2015-01-29 10:32 - 2015-01-29 10:32 - 00004204 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.TXT
    2015-01-29 10:32 - 2015-01-29 10:32 - 00000272 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.URL
    2015-01-29 10:24 - 2015-01-29 10:24 - 00008528 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.HTML
    2015-01-29 10:24 - 2015-01-29 10:24 - 00004204 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.TXT
    2015-01-29 10:24 - 2015-01-29 10:24 - 00000272 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.URL
    2015-01-29 10:18 - 2015-01-29 10:18 - 00008528 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.HTML
    2015-01-29 10:18 - 2015-01-29 10:18 - 00008528 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.HTML
    2015-01-29 10:18 - 2015-01-29 10:18 - 00004204 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.TXT
    2015-01-29 10:18 - 2015-01-29 10:18 - 00004204 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.TXT
    2015-01-29 10:18 - 2015-01-29 10:18 - 00000272 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.URL
    2015-01-29 10:18 - 2015-01-29 10:18 - 00000272 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.URL
    2015-01-29 10:17 - 2015-01-29 10:17 - 00008528 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.HTML
    2015-01-29 10:17 - 2015-01-29 10:17 - 00004204 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.TXT
    2015-01-29 10:17 - 2015-01-29 10:17 - 00000272 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.URL
    2015-01-29 10:16 - 2015-01-29 10:16 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
    2015-01-29 10:16 - 2015-01-29 10:16 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
    2015-01-29 10:16 - 2015-01-29 10:16 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
    2015-01-29 10:11 - 2015-02-11 20:43 - 00000648 _____ () C:\ProgramData\@system.temp
    2015-01-29 10:11 - 2015-02-11 20:43 - 00000384 ____H () C:\ProgramData\@system3.att
    2015-01-29 10:11 - 2015-01-29 10:11 - 00000480 ____H () C:\Users\Matthew\AppData\Roaming\麽鎒駓覜
    2015-01-29 10:10 - 2015-01-29 10:10 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\FrameworkUpdate
    2015-01-29 08:59 - 2015-02-11 20:42 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
    2015-01-29 08:59 - 2015-01-29 08:59 - 32583680 ____H (Kaeria VeryLink) C:\Users\Matthew\mvsbtsej.exe
    2015-01-29 08:59 - 2015-01-29 08:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2015-01-29 10:17 - 2014-08-04 14:48 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Torch
    2014-05-21 11:43 - 2014-05-21 11:43 - 0000000 _____ () C:\Users\Matthew\AppData\Roaming\pdfperformer
    Folder: C:\Users\Matthew\AppData\Local\webkit
    C:\Users\Matthew\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
    C:\Users\Matthew\AppData\Local\Temp\28B5.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\2AB9.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Matthew\AppData\Local\Temp\bdfilters.dll
    C:\Users\Matthew\AppData\Local\Temp\BEA6.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\BF92.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\CloudBackup7357.exe
    C:\Users\Matthew\AppData\Local\Temp\DB9C.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\DBC8.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\DC46.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\DCF4.tmpcrt.dll
    C:\Users\Matthew\AppData\Local\Temp\oi_{285EF0BF-BE5F-4B35-9E9F-C55579395527}.exe
    C:\Users\Matthew\AppData\Local\Temp\safeguard.exe
    C:\Users\Matthew\AppData\Local\Temp\uM1X.dll
    C:\Users\Matthew\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Matthew\AppData\Local\Temp\update.exe
    C:\Users\Matthew\AppData\Local\Temp\vcredist_x64.exe
    Task: {0B6DE6DD-6F83-4290-87E0-02186C35C0C5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    C:\Program Files (x86)\MyPC Backup
    CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\msoeacct.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\Users\Matthew\Local Settings:init
    AlternateDataStreams: C:\Users\Matthew\AppData\Local:init
    AlternateDataStreams: C:\Users\Matthew\AppData\Local\Application Data:init
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: In the Encoding: drop-down box, select Unicode.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
Farbar Recovery Scan Tool (FRST) Search

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Type the following text into the Search: textbox:
    HELP_DECRYPT.*
  • Click on the Search File(s) button.
  • Upon completion, a log (Search.txt) will open.
  • Attach (not copy/paste) the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Answer to questions
  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • Search.txt (attached!)


#3 ddiamond

ddiamond
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 15 February 2015 - 11:41 PM

Hi Adam,

I'm currently having an issue installing McAfee Antivirus on my computer, which is why I haven't replied. Plus, working on my computer right now is like running in wet cement - Explorer is constantly stopping and starting - this message just took 8 minutes to write! I'm currently trying to troubleshoot the McAfee problem so I can follow through on the rest of your solution.



#4 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 16 February 2015 - 02:23 AM

Hello, 

 

Please skip enabling McAfee, and proceed with Step 1. Don't forget to answer my other questions. 



#5 ddiamond

ddiamond
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:11 AM

Posted 16 February 2015 - 04:15 PM

Hi Adam,
Sorry for the delay, as the computer has been moving extremely slow....
To answer your questions:
1.) I have some of the files backed up on an external hard drive, but not all of them.
2.) My wife installed the UPDF program, although if it's crappy, I'll uninstall it!
Here's the logs you requested (and thanks!)
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Matthew at 2015-02-16 12:24:04 Run:2
Running from C:\Users\Matthew\Desktop
Loaded Profiles: Matthew (Available profiles: Matthew)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [iLivid] => "C:\Users\Matthew\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [MSConfig] => C:\Users\Matthew\mvsbtsej.exe [32583680 2015-01-29] (Kaeria VeryLink)
C:\Users\Matthew\AppData\Local\iLivid
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [GoogleUpdate] => C:\Users\Matthew\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [95744 2015-01-29] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/mNY5e3
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2633815232-960237094-2566872554-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={846B72F0-B606-4B87-B1CE-B2230B91B2F4}&mid=2ea85e35681b47d29d6eb513424dc2a0-f9fa48c89fba8a9bb59a148b5b9bff7e8483e5ba&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-09-06 16:02:27&v=18.1.9.786&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2633815232-960237094-2566872554-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=2156&systemid=406&v=n13502-429&apn_uid=4230212143114723&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Ask Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Matthew\HELP_DECRYPT.HTML
2015-01-29 14:53 - 2015-01-29 14:53 - 00008528 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.HTML
2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Matthew\HELP_DECRYPT.TXT
2015-01-29 14:53 - 2015-01-29 14:53 - 00004204 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.TXT
2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Matthew\HELP_DECRYPT.URL
2015-01-29 14:53 - 2015-01-29 14:53 - 00000272 _____ () C:\Users\Matthew\Desktop\HELP_DECRYPT.URL
2015-01-29 10:32 - 2015-01-29 10:32 - 00008528 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.HTML
2015-01-29 10:32 - 2015-01-29 10:32 - 00004204 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.TXT
2015-01-29 10:32 - 2015-01-29 10:32 - 00000272 _____ () C:\Users\Matthew\Downloads\HELP_DECRYPT.URL
2015-01-29 10:24 - 2015-01-29 10:24 - 00008528 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.HTML
2015-01-29 10:24 - 2015-01-29 10:24 - 00004204 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.TXT
2015-01-29 10:24 - 2015-01-29 10:24 - 00000272 _____ () C:\Users\Matthew\Documents\HELP_DECRYPT.URL
2015-01-29 10:18 - 2015-01-29 10:18 - 00008528 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-29 10:18 - 2015-01-29 10:18 - 00008528 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.HTML
2015-01-29 10:18 - 2015-01-29 10:18 - 00004204 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-29 10:18 - 2015-01-29 10:18 - 00004204 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.TXT
2015-01-29 10:18 - 2015-01-29 10:18 - 00000272 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.URL
2015-01-29 10:18 - 2015-01-29 10:18 - 00000272 _____ () C:\Users\Matthew\AppData\HELP_DECRYPT.URL
2015-01-29 10:17 - 2015-01-29 10:17 - 00008528 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.HTML
2015-01-29 10:17 - 2015-01-29 10:17 - 00004204 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.TXT
2015-01-29 10:17 - 2015-01-29 10:17 - 00000272 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.URL
2015-01-29 10:16 - 2015-01-29 10:16 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-29 10:16 - 2015-01-29 10:16 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-29 10:16 - 2015-01-29 10:16 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-29 10:11 - 2015-02-11 20:43 - 00000648 _____ () C:\ProgramData\@system.temp
2015-01-29 10:11 - 2015-02-11 20:43 - 00000384 ____H () C:\ProgramData\@system3.att
2015-01-29 10:11 - 2015-01-29 10:11 - 00000480 ____H () C:\Users\Matthew\AppData\Roaming\麽鎒駓覜
2015-01-29 10:10 - 2015-01-29 10:10 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\FrameworkUpdate
2015-01-29 08:59 - 2015-02-11 20:42 - 00000000 ___HD () C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-01-29 08:59 - 2015-01-29 08:59 - 32583680 ____H (Kaeria VeryLink) C:\Users\Matthew\mvsbtsej.exe
2015-01-29 08:59 - 2015-01-29 08:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-29 10:17 - 2014-08-04 14:48 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Torch
2014-05-21 11:43 - 2014-05-21 11:43 - 0000000 _____ () C:\Users\Matthew\AppData\Roaming\pdfperformer
Folder: C:\Users\Matthew\AppData\Local\webkit
C:\Users\Matthew\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\Matthew\AppData\Local\Temp\28B5.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\2AB9.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\BackupSetup.exe
C:\Users\Matthew\AppData\Local\Temp\bdfilters.dll
C:\Users\Matthew\AppData\Local\Temp\BEA6.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\BF92.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\CloudBackup7357.exe
C:\Users\Matthew\AppData\Local\Temp\DB9C.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\DBC8.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\DC46.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\DCF4.tmpcrt.dll
C:\Users\Matthew\AppData\Local\Temp\oi_{285EF0BF-BE5F-4B35-9E9F-C55579395527}.exe
C:\Users\Matthew\AppData\Local\Temp\safeguard.exe
C:\Users\Matthew\AppData\Local\Temp\uM1X.dll
C:\Users\Matthew\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Matthew\AppData\Local\Temp\update.exe
C:\Users\Matthew\AppData\Local\Temp\vcredist_x64.exe
Task: {0B6DE6DD-6F83-4290-87E0-02186C35C0C5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}\InprocServer32 -> C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\msoeacct.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Users\Matthew\Local Settings:init
AlternateDataStreams: C:\Users\Matthew\AppData\Local:init
AlternateDataStreams: C:\Users\Matthew\AppData\Local\Application Data:init
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => value deleted successfully.
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig => Value not found.
"C:\Users\Matthew\AppData\Local\iLivid" => File/Directory not found.
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate => Value not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML not found.
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG => Moved successfully.
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT not found.
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
Chrome DefaultSuggestURL not detected.
C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaafeopjhkcolncjbedbhofpocmdbn => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
C:\Users\Public\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\Desktop\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Public\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\Desktop\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Public\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\Desktop\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\Downloads\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\Downloads\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Matthew\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Matthew\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Matthew\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
C:\ProgramData\@system3.att => Moved successfully.
C:\Users\Matthew\AppData\Roaming\麽鎒駓覜 => Moved successfully.
C:\Users\Matthew\AppData\Roaming\FrameworkUpdate => Moved successfully.
C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0} => Moved successfully.
"C:\Users\Matthew\mvsbtsej.exe" => File/Directory not found.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\Users\Matthew\AppData\Local\Torch => Moved successfully.
C:\Users\Matthew\AppData\Roaming\pdfperformer => Moved successfully.
========================= Folder: C:\Users\Matthew\AppData\Local\webkit ========================
2015-01-29 10:17 - 2015-01-29 10:17 - 0008528 _____ () C:\Users\Matthew\AppData\Local\webkit\HELP_DECRYPT.HTML
2015-01-29 10:17 - 2015-01-29 10:17 - 0045552 _____ () C:\Users\Matthew\AppData\Local\webkit\HELP_DECRYPT.PNG
2015-01-29 10:17 - 2015-01-29 10:17 - 0004204 _____ () C:\Users\Matthew\AppData\Local\webkit\HELP_DECRYPT.TXT
2015-01-29 10:17 - 2015-01-29 10:17 - 0000272 _____ () C:\Users\Matthew\AppData\Local\webkit\HELP_DECRYPT.URL
2014-03-27 15:38 - 2015-01-29 10:17 - 0000000 ____D () C:\Users\Matthew\AppData\Local\webkit\icondatabase
2015-01-29 10:17 - 2015-01-29 10:17 - 0008528 _____ () C:\Users\Matthew\AppData\Local\webkit\icondatabase\HELP_DECRYPT.HTML
2015-01-29 10:17 - 2015-01-29 10:17 - 0045552 _____ () C:\Users\Matthew\AppData\Local\webkit\icondatabase\HELP_DECRYPT.PNG
2015-01-29 10:17 - 2015-01-29 10:17 - 0004204 _____ () C:\Users\Matthew\AppData\Local\webkit\icondatabase\HELP_DECRYPT.TXT
2015-01-29 10:17 - 2015-01-29 10:17 - 0000272 _____ () C:\Users\Matthew\AppData\Local\webkit\icondatabase\HELP_DECRYPT.URL
2014-03-27 15:38 - 2015-01-01 22:04 - 0036128 _____ () C:\Users\Matthew\AppData\Local\webkit\icondatabase\WebpageIcons.db
====== End of Folder: ======
C:\Users\Matthew\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\28B5.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\2AB9.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\BEA6.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\BF92.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\CloudBackup7357.exe => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\DB9C.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\DBC8.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\DC46.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\DCF4.tmpcrt.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\oi_{285EF0BF-BE5F-4B35-9E9F-C55579395527}.exe => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\uM1X.dll => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\update.exe => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B6DE6DD-6F83-4290-87E0-02186C35C0C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B6DE6DD-6F83-4290-87E0-02186C35C0C5}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{2D349E57-23E4-4A67-9624-F1DC6B65AABF}" => Key deleted successfully.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Users\Matthew\Local Settings" => ":init" ADS not found.
C:\Users\Matthew\AppData\Local => ":init" ADS removed successfully.
"C:\Users\Matthew\AppData\Local\Application Data" => ":init" ADS not found.
=========  ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.
==== End of Fixlog 12:31:53 ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Matthew (administrator) on MATTS_LAPTOP on 16-02-2015 13:12:02
Running from C:\Users\Matthew\Desktop
Loaded Profiles: Matthew (Available profiles: Matthew)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Dell, Inc.) C:\Program Files (x86)\System Registration\prodreg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell) C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(SoftThinks) C:\Program Files (x86)\Dell Backup and Recovery\SetMUILanguage.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\Core\mchost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Run: [DellSystemDetect] => C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-01-21] (Dell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: The Amazon 1Button App for IE -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> C:\AmazonAppIE.dll (Amazon Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Matthew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @talk.google.com/O1DPlugin -> C:\Users\Matthew\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2633815232-960237094-2566872554-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Matthew\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-06]
Chrome:
=======
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2014-05-12]
CHR Extension: (Hangouts) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-11]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-16]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-02-15]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 0182071424112145mcinstcleanup; C:\WINDOWS\TEMP\018207~1.EXE [827456 2012-01-09] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-24] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-10-08] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 12:56 - 2015-02-16 12:56 - 00000000 ___RD () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-15 23:04 - 2015-02-15 23:04 - 00019218 _____ () C:\Users\Matthew\fixlist.txt
2015-02-15 22:18 - 2015-02-15 22:18 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\McAfee
2015-02-15 21:47 - 2015-02-16 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-15 21:09 - 2015-02-15 21:18 - 00000000 ____D () C:\Program Files (x86)\SafeKey
2015-02-15 21:07 - 2015-02-15 21:07 - 00004042 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-15 21:07 - 2015-02-15 21:07 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-02-15 21:06 - 2015-02-15 21:06 - 00003230 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-02-15 21:00 - 2015-02-15 21:00 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-15 20:58 - 2015-02-15 20:58 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-11 21:23 - 2015-02-11 21:23 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Mozilla
2015-02-11 20:30 - 2015-02-15 23:23 - 00000000 ____D () C:\Users\Matthew\Desktop\FRST-OlderVersion
2015-01-30 21:49 - 2015-01-30 21:49 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 21:49 - 2015-01-30 21:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 21:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-30 21:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-30 21:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-30 21:48 - 2015-01-30 21:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matthew\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-30 19:01 - 2015-02-11 21:51 - 00037492 _____ () C:\Users\Matthew\Desktop\Addition.txt
2015-01-30 18:58 - 2015-02-16 13:29 - 00024697 _____ () C:\Users\Matthew\Desktop\FRST.txt
2015-01-30 18:58 - 2015-02-16 13:14 - 00000000 ____D () C:\FRST
2015-01-30 18:57 - 2015-02-15 23:13 - 02085888 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
2015-01-29 13:05 - 2015-01-24 20:59 - 00009504 _____ () C:\Users\Matthew\Documents\potential%20guests.odt_0.odt
2015-01-21 18:09 - 2015-01-21 18:09 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-01-21 18:08 - 2015-01-21 18:10 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Deployment
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 13:22 - 2014-01-11 18:30 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001UA.job
2015-02-16 13:19 - 2014-01-11 18:26 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 13:14 - 2013-12-28 14:16 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2633815232-960237094-2566872554-1001
2015-02-16 13:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 13:09 - 2014-05-13 21:06 - 00000000 __RDO () C:\Users\Matthew\OneDrive
2015-02-16 13:09 - 2014-01-15 22:19 - 00493056 ___SH () C:\Users\Matthew\Desktop\Thumbs.db
2015-02-16 13:09 - 2013-11-06 13:25 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-16 12:53 - 2014-01-11 18:26 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 12:41 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 12:40 - 2014-03-18 03:54 - 00026798 _____ () C:\WINDOWS\PFRO.log
2015-02-16 12:40 - 2013-08-22 08:46 - 00311850 _____ () C:\WINDOWS\setupact.log
2015-02-16 12:40 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 12:38 - 2014-05-13 19:46 - 00000000 ____D () C:\Users\Matthew
2015-02-16 12:26 - 2014-03-27 15:38 - 00000000 ____D () C:\Users\Matthew\AppData\Local\webkit
2015-02-15 23:28 - 2013-11-06 13:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-15 23:27 - 2013-11-06 13:30 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-15 22:25 - 2013-11-06 13:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-15 22:11 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-15 22:07 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-15 21:20 - 2014-01-11 18:30 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001Core.job
2015-02-15 21:15 - 2014-05-13 20:06 - 02030205 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 21:00 - 2013-11-06 13:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-15 20:53 - 2013-11-06 13:09 - 00000000 ____D () C:\Program Files\Dell
2015-02-15 20:52 - 2013-11-06 13:16 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-13 21:49 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 21:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-12 04:54 - 2014-01-11 18:26 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-11 21:14 - 2014-01-11 18:30 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001UA
2015-02-11 21:14 - 2014-01-11 18:30 - 00003512 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001Core
2015-02-11 21:14 - 2014-01-11 18:26 - 00003904 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-11 21:14 - 2014-01-11 18:26 - 00003668 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-11 20:41 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-30 22:01 - 2014-03-27 12:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 16:48 - 2014-03-18 04:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-29 18:14 - 2014-03-21 13:49 - 00003612 _____ () C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2633815232-960237094-2566872554-1001
2015-01-29 14:53 - 2014-04-16 15:13 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 13:05 - 2014-03-03 17:38 - 00000000 ____D () C:\Users\Matthew\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2015-01-29 10:23 - 2014-09-18 15:09 - 00000000 ____D () C:\Users\Matthew\Documents\Outlook Files
2015-01-29 10:23 - 2014-06-19 17:05 - 00000000 ____D () C:\Users\Matthew\Documents\LDW
2015-01-29 10:23 - 2014-04-16 15:10 - 00000000 ____D () C:\Users\Matthew\Documents\CyberLink
2015-01-29 10:18 - 2014-03-03 19:54 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\OpenOffice
2015-01-29 10:17 - 2014-01-11 18:26 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Google
2015-01-29 10:17 - 2013-12-28 14:07 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Adobe
2015-01-29 10:16 - 2014-08-24 18:39 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Amazon
2015-01-29 10:16 - 2014-08-10 22:19 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CyberLink
2015-01-29 10:16 - 2014-03-25 16:31 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Apple Computer
2015-01-29 08:59 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-01-27 07:59 - 2014-01-02 18:36 - 00752128 ___SH () C:\Users\Matthew\Downloads\Thumbs.db
2015-01-25 17:17 - 2014-12-22 14:38 - 00000000 ____D () C:\Users\Matthew\AppData\Local\PackageStaging
2015-01-25 17:17 - 2013-12-28 14:06 - 00000000 ____D () C:\Users\Matthew\AppData\Local\Packages
2015-01-24 14:20 - 2014-09-13 14:19 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 14:20 - 2014-09-13 14:19 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 22:57 - 2014-10-02 13:35 - 00023120 _____ () C:\Users\Matthew\Documents\additional clara, snow queen, doll cabinet scenes..odt
2015-01-22 10:31 - 2014-01-01 16:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-22 10:24 - 2014-01-01 16:04 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-02-15 21:17 - 2015-02-15 21:17 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-01-29 10:18 - 2015-01-29 10:18 - 0045552 _____ () C:\Users\Matthew\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-29 10:17 - 2015-01-29 10:17 - 0045552 _____ () C:\Users\Matthew\AppData\Local\HELP_DECRYPT.PNG
2015-01-01 22:47 - 2015-01-01 22:47 - 0003297 _____ () C:\Users\Matthew\AppData\Local\recently-used.xbel
2014-09-17 10:42 - 2014-09-17 10:42 - 0000000 _____ () C:\Users\Matthew\AppData\Local\{A06A6970-5029-440A-A3ED-E3AB31FFC288}
2015-01-29 10:16 - 2015-01-29 10:16 - 0045552 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2013-11-06 13:24 - 2013-11-06 13:24 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-06 13:19 - 2013-11-06 13:20 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-06 13:20 - 2013-11-06 13:22 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-06 13:18 - 2013-11-06 13:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-06 13:22 - 2013-11-06 13:24 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 16:46
==================== End Of Log =======================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Matthew at 2015-02-16 13:30:51
Running from C:\Users\Matthew\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Alvin and the Chipmunks (HKLM-x32\...\Alvin and the Chipmunks) (Version:  - Brash Entertainment)
Amazon 1Button App for Windows Taskbar (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.2 - Amazon)
Amazon Kindle (HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Disney Infinity 2.0 (HKLM-x32\...\{AD3C5D08-A89D-4E05-A0D2-CD24C6F689EE}) (Version: 1.97.5311 - Disney Interactive)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.191 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sibelius Scorch (ActiveX Only) (HKLM-x32\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
Unity Web Player (HKU\S-1-5-21-2633815232-960237094-2566872554-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UPDF (HKLM-x32\...\UPDF) (Version:  - UPDF)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Virtual Families (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Families 2 1.1.1 (HKLM-x32\...\Virtual Families 2) (Version: 1.1.1 - Last Day of Work)
Virtual Villagers - The Lost Children 1.0 (HKLM-x32\...\Virtual Villagers - The Lost Children) (Version: 1.0 - Last Day of Work)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2633815232-960237094-2566872554-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Matthew\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points  =========================
26-01-2015 08:50:24 Scheduled Checkpoint
29-01-2015 13:49:03 Windows Update
30-01-2015 18:27:45 Restore Operation
16-02-2015 12:24:29 Restore Point Created by FRST
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {123A18F2-B972-4046-9603-1F70B3091F80} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {15CEACFA-A84C-4DF3-AF08-3764831D2924} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {1AFAD1C4-C2B8-4198-98DB-63CE6B8D3058} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {25205859-80F3-4AFB-9634-9A0704DDDE46} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {2A581A79-E8A0-4002-BD6F-DAB3DFD82440} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2633815232-960237094-2566872554-1001
Task: {55C828F7-DC61-480B-95A9-002F33EF3BB1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5ADAB4C7-D0DC-44D8-9CAB-00E1BA549E17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-22] (Microsoft Corporation)
Task: {ABF1FDAE-610D-4DB6-81E6-A20F2ED0F617} - System32\Tasks\PocketCloud => C:\Program
Task: {B9766D49-8293-43A9-9A58-A424EF0107CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {C32A8160-F807-4FEA-8E21-74EEDDACA6E8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {CC64E4BD-7F9C-41C9-AC1C-4ADC54DE9B7E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {D40C0D24-CB41-48E0-9430-973EDAB22ED3} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {D634C913-840B-4B53-BE85-BD8FDEF84FF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D76FD9BD-0541-4394-84B9-A02130EBB4F8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {D92B2AE8-445C-40BD-8EE2-68BFDB326307} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {E624F5A0-2825-4BC7-88A7-33C9D3BED23E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001Core => C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {E9058794-5BBE-4A4F-9B48-0BCA090F108D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {ECB04548-0BDB-44A3-BF28-970399140A10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001UA => C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {F657A336-FC6A-4CA8-AD13-7D22DCBF8898} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001Core.job => C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2633815232-960237094-2566872554-1001UA.job => C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) ==============
2014-03-15 09:10 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-06 13:22 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-21 20:46 - 2013-06-21 20:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 20:35 - 2013-06-21 20:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 20:31 - 2013-06-21 20:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2012-12-28 15:39 - 2012-12-28 15:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 15:36 - 2012-12-28 15:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 15:41 - 2012-12-28 15:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-28 15:42 - 2012-12-28 15:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2014-11-15 15:04 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-06 13:26 - 2013-04-19 17:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-06 13:26 - 2013-04-19 17:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-11-06 13:26 - 2013-04-19 17:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-11-06 13:26 - 2013-04-19 17:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-11-06 13:26 - 2013-04-19 17:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-01-29 16:57 - 2015-01-29 16:57 - 00025600 _____ () C:\Users\Matthew\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\CLR_v4.0\NativeImages\BackgroundTasks\0906da8016fed49fbb971a52822daf01\BackgroundTasks.ni.dll
2014-10-18 11:03 - 2014-10-18 11:03 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2015-01-29 16:57 - 2015-01-29 16:57 - 00529920 _____ () C:\Users\Matthew\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\CLR_v4.0\NativeImages\Helper\df5579f4c76cca064d500e728188287d\Helper.ni.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-18 10:49 - 2014-10-18 10:49 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-11-06 13:10 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-06 13:20 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-15 14:59 - 2014-11-15 14:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-06 13:25 - 2013-05-02 18:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2013-11-06 13:20 - 2012-12-03 00:18 - 00807456 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Matthew\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2633815232-960237094-2566872554-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-2633815232-960237094-2566872554-500 - Administrator - Disabled)
Guest (S-1-5-21-2633815232-960237094-2566872554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633815232-960237094-2566872554-1005 - Limited - Enabled)
Matthew (S-1-5-21-2633815232-960237094-2566872554-1001 - Administrator - Enabled) => C:\Users\Matthew
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (02/16/2015 01:31:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 9dc
Start Time: 01d04a1e5fd0843c
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 5372308d-b612-11e4-bef5-645a04a92b53
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (02/16/2015 01:31:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 12e4
Start Time: 01d04a1e602d8236
Termination Time: 4294967295
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
Report Id: 537492ec-b612-11e4-bef5-645a04a92b53
Faulting package full name: Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t
Faulting package-relative application ID: App
Error: (02/16/2015 01:09:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 164c
Start Time: 01d04a1a3d6b2437
Termination Time: 4294967295
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 2b64f9cd-b60f-11e4-bef5-645a04a92b53
Faulting package full name:
Faulting package-relative application ID:
Error: (02/16/2015 00:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45030609
Error: (02/16/2015 00:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45030609
Error: (02/16/2015 00:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2015 11:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13234
Error: (02/15/2015 11:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13234
Error: (02/15/2015 11:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2015 11:42:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17284 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 82c
Start Time: 01d049a44a2e9c9e
Termination Time: 4625
Application Path: C:\WINDOWS\Explorer.EXE
Report Id: 8df37d79-b59e-11e4-bef4-645a04a92b53
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (02/16/2015 01:33:09 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:33:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:33:02 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:43 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:41 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:39 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:37 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:33 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/16/2015 01:29:31 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (02/16/2015 01:31:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206899dc01d04a1e5fd0843c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5372308d-b612-11e4-bef5-645a04a92b53microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (02/16/2015 01:31:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638412e401d04a1e602d82364294967295C:\WINDOWS\system32\backgroundTaskHost.exe537492ec-b612-11e4-bef5-645a04a92b53Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1tApp
Error: (02/16/2015 01:09:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17416164c01d04a1a3d6b24374294967295C:\Program Files\Internet Explorer\iexplore.exe2b64f9cd-b60f-11e4-bef5-645a04a92b53
Error: (02/16/2015 00:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 45030609
Error: (02/16/2015 00:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 45030609
Error: (02/16/2015 00:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2015 11:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13234
Error: (02/15/2015 11:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13234
Error: (02/15/2015 11:44:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/15/2015 11:42:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.1728482c01d049a44a2e9c9e4625C:\WINDOWS\Explorer.EXE8df37d79-b59e-11e4-bef4-645a04a92b53

CodeIntegrity Errors:
===================================
  Date: 2015-02-15 20:50:31.053
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\msoeacct.dll that did not meet the Windows signing level requirements.
  Date: 2015-02-11 23:46:15.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\msoeacct.dll that did not meet the Windows signing level requirements.
  Date: 2015-01-29 17:33:24.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\msoeacct.dll that did not meet the Windows signing level requirements.
  Date: 2015-01-29 16:51:13.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\msoeacct.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 34%
Total physical RAM: 6025.27 MB
Available physical RAM: 3926.75 MB
Total Pagefile: 7049.27 MB
Available Pagefile: 4780 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:684.92 GB) (Free:579.56 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 15B58D26)
Partition: GPT Partition Type.
==================== End Of Log ============================




#6 LiquidTension

  • Malware Response Instructor

Posted 17 February 2015 - 03:35 AM

Hello, 
 

Sorry for the delay

Not a problem!
 

1.) I have some of the files backed up on an external hard drive, but not all of them.

OK, we'll look into recovery options once your machine appears clean. In the meantime, you may find it beneficial determining which files you do not have a back up of. This should be done using a clean machine. 
 

2.) My wife installed the UPDF program, although if it's crappy, I'll uninstall it!

That's OK. If the programme was purposely installed there's no issue. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CMD: del /f /s /q "HELP_DECRYPT.*"
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the log in your next reply.
     

STEP 2
Browser Reset
 
Before proceeding, please refer to the following instructions on how you can backup your Favourites/Bookmarks.

Using the relevant instructions below, please reset your installed browsers.
As Internet Explorer is an integral part of Windows, please ensure you reset this browser.

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 4
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached!)
  • Did your browsers reset successfully?
  • TDSSKiller log (attached!)
  • RKreport.txt


#7 ddiamond

  • Topic Starter

Posted 18 February 2015 - 11:26 PM

Hi Adam!

Wow, what a journey this has been!

Regarding the browser - it seems to have reset just fine, although I was expecting to lose my bookmarks but didn't....

They won't allow me to attach the TDSS log because they say it's too large - I'll try to upload separately in another response...

Anyway, here's the copied log:

 

RogueKiller V10.4.0.0 (x64) [Feb 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Matthew [Administrator]
Mode : Scan -- Date : 02/18/2015  22:07:20

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] RogueKillerX64.exe(2716) -- C:\Users\Matthew\Desktop\RogueKillerX64.exe[7] -> Killed [JobObj]

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0182071424112145mcinstcleanup (C:\WINDOWS\TEMP\018207~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0182071424112145mcinstcleanup (C:\WINDOWS\TEMP\018207~1.EXE -cleanup -nolog) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 733 (Driver: Loaded) ¤¤¤
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - CreateProcessW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daf10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - keybd_event : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da5c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSCTF.dll) user32.dll - keybd_event : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da5c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSCTF.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - SetDllDirectoryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e3f30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ADVAPI32.dll - RegOpenKeyExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6ca0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ADVAPI32.dll - RegQueryValueExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6b60
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ jscript9.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ actxprxy.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - SetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e4440
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ msimtf.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ msimtf.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateProcessW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daf10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetPrivateProfileIntW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0e40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e2a40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sxs.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CreateDialogIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dddb0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegDeleteKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaa20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegEnumKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ead40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegCreateKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateDialogIndirectParamA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ddd50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateDialogIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dddb0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - IsDialogMessageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da410
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - GetAsyncKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4ed0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetCursorPos : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da4f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetKeyboardState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da560
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetLongPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc210
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegDeleteKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaa20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegEnumKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ead40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - LoadImageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e27a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ thumbcache.dll) SHELL32.dll - SHGetFolderPathAndSubDirW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6820
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINTRUST.dll) user32.dll - MessageBoxA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecdf0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mscms.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateProcessA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daba0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - FindClose : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc160
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - FindFirstFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cbff0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - FindNextFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0350
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - RemoveDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e3390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - MoveFileExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e2a00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - SetCurrentDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cbf40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateDirectoryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652deb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - SetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e4290
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetLongPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc210
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - WaitForSingleObject : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4d30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - LoadImageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e27a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - MessageBoxA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecdf0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ T2EMBED.DLL) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINTRUST.dll) user32.dll - MessageBoxA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecdf0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] f1c28931e25230b6b9891d07be3a8643
[BSP] 811e9d926c42cde1fd7c2fe0b58a5312 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 490 MB
4 - Basic data partition | Offset (sectors): 2373632 | Size: 701354 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1438746624 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1439668224 | Size: 12440 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_02182015_215424.log

 




#8 ddiamond

Posted 18 February 2015 - 11:31 PM

Hey Adam,

 

The TDSS file is 8 KB and the limit for this appears to be 336 KB......?

 

Any suggestions?

 

Thanks!



#9 LiquidTension

Posted 19 February 2015 - 06:50 AM

Hello, 
 
Please upload the large TDSSKiller log to my channel.



#10 ddiamond

Posted 19 February 2015 - 07:11 PM

Hi Adam,

I just submitted it to your channel!

Thanks,

Matt



#11 LiquidTension

Posted 20 February 2015 - 05:32 AM

Hi Matt, 

 

Please work your way through the following. 

 

STEP 1
RogueKiller Fix

  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png
  • Upon completion, do the following:
     
  • Click 5UKuIKl.png and place a checkmark next to the following items. Ensure any other items are unchecked.
    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
    • [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
  • Click QEIRkTE.png.
     
  • Click phPvmc6.png.
  • Copy the contents of the log and paste in your next reply.
     

STEP 2
Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.
     

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W8).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • RKreport.txt
  • mbar-log.txt
  • system-log.txt
  • JRT.txt
  • AdwCleaner[S0].txt


#12 ddiamond

Posted 21 February 2015 - 04:50 PM

Greetings Adam!

 

Here's the info you requested - the only issue I had was that I closed the AdwCleaner log without saving it (I had a serious brain fart) so I ran it again and am attaching the results at the end....

 

RogueKiller V10.4.0.0 (x64) [Feb 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Matthew [Administrator]
Mode : Scan -- Date : 02/18/2015  22:07:20

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] RogueKillerX64.exe(2716) -- C:\Users\Matthew\Desktop\RogueKillerX64.exe[7] -> Killed [JobObj]

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\Software\Microsoft\Windows\CurrentVersion\Run | DellSystemDetect : C:\Users\Matthew\AppData\Local\Apps\2.0\ZA1C3CB4.E76\3ORC9NM8.MVG\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0182071424112145mcinstcleanup (C:\WINDOWS\TEMP\018207~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0182071424112145mcinstcleanup (C:\WINDOWS\TEMP\018207~1.EXE -cleanup -nolog) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 733 (Driver: Loaded) ¤¤¤
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - LoadImageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e27a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - CreateDialogIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dddb0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - CreateDialogIndirectParamA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ddd50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) comctl32.dll - PropertySheetW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed930
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetPathFromIDListW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6900
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetSpecialFolderLocation : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6970
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetFolderLocation : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e66d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - SetCurrentDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cbf40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - FindClose : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc160
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - FindNextFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0350
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - FindFirstFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cbff0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - GetShortPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e20b0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ADVAPI32.dll - RegEnumValueW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eb0a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ADVAPI32.dll - RegOpenKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eb3e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - SendInput : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da480
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) ole32.dll - OleLoadFromStream : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652d9460
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) KERNEL32.DLL - GetPrivateProfileIntW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0e40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dcfd0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4f20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3700
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - FindFirstFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc860
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - FindClose : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc800
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - GetFullPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc6f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - GetLongPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1f70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - CreateProcessA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daba0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHLWAPI.dll - SHRegWriteUSValueW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e9b80
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHLWAPI.dll - SHRegDeleteEmptyUSKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e9060
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHLWAPI.dll - SHRegQueryInfoUSKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c23c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHLWAPI.dll - SHRegEnumUSValueW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2430
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHLWAPI.dll - PathCreateFromUrlA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e7170
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHLWAPI.dll - SHRegCreateUSKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e8f80
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - GetAsyncKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4ed0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d140 (jmp 0xffffffffed580d30)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d800 (jmp 0xffffffffed56a570)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d750 (jmp 0xffffffffed5787a0)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d3d0 (jmp 0xffffffffed584c70)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d7b0 (jmp 0xffffffffed589810)
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHELL32.dll - SHGetFolderPathA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) SHLWAPI.dll - PathUnExpandEnvStringsW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e84e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ clbcatq.dll) ole32.dll - OleLoadFromStream : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652d9460
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieproxy.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieproxy.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieproxy.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieproxy.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - GetAsyncKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4ed0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetCursorPos : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da4f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SendInput : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da480
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetKeyboardState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da560
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHLWAPI.dll - AssocQueryStringA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6b30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHLWAPI.dll - PathUndecorateW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e85b0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHLWAPI.dll - PathSearchAndQualifyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e8180
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHLWAPI.dll - AssocQueryStringW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6ca0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHLWAPI.dll - PathRemoveArgsW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e80b0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHLWAPI.dll - AssocQueryKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc3b0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) comdlg32.dll - PrintDlgW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed690
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) comdlg32.dll - GetSaveFileNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dc060
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHELL32.dll - SHGetFolderLocation : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e66d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - SetDllDirectoryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e3f30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ADVAPI32.dll - RegOpenKeyExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6ca0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ADVAPI32.dll - RegQueryValueExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6b60
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ jscript9.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ actxprxy.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - SetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e4440
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ msimtf.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ msimtf.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateProcessW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daf10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetPrivateProfileIntW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0e40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - MoveFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e2a40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ OLEACC.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sxs.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CreateDialogIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dddb0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegDeleteKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaa20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegEnumKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ead40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegCreateKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateDialogIndirectParamA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ddd50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateDialogIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dddb0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - IsDialogMessageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da410
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - GetAsyncKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4ed0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetCursorPos : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da4f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetKeyboardState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da560
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetLongPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc210
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegDeleteKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaa20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegEnumKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ead40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - LoadImageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e27a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ thumbcache.dll) SHELL32.dll - SHGetFolderPathAndSubDirW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6820
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINTRUST.dll) user32.dll - MessageBoxA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecdf0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ slc.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ sppc.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mscms.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c0a90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateProcessA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daba0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c2270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - FindClose : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc160
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - FindFirstFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cbff0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - FindNextFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0350
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - RemoveDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e3390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - DeleteFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1830
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - MoveFileExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e2a00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - SetCurrentDirectoryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cbf40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - CreateDirectoryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652deb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetFileAttributesExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - SetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e4290
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetLongPathNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc210
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetFileAttributesA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e0730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetFileAttributesW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1b10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - DeleteFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652df600
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - WaitForSingleObject : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4d30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - LoadImageW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e27a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - MessageBoxA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecdf0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - EndDialog : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da340
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - SendInput : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da480
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - SetCursorPos : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da4f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) comdlg32.dll - GetSaveFileNameW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dc060
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) comdlg32.dll - PrintDlgW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed690
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegOpenKeyA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eb270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegCreateKeyA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegQueryValueExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6b60
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegQueryInfoKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc2d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegOpenKeyExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6ca0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegEnumKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ead40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegDeleteKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaa20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegCreateKeyExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea3e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) SHELL32.dll - SHGetFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1aa0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) SHELL32.dll - SHGetSpecialFolderPathW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) SHELL32.dll - SHGetPathFromIDListW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6900
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) SHELL32.dll - SHGetFolderPathA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e6740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) SHELL32.dll - SHGetFolderLocation : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e66d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) SHELL32.dll - ShellExecuteW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652dc2f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash.ocx) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) KERNEL32.DLL - LoadLibraryA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1c40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegCreateKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegOpenKeyExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6ca0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegCreateKeyA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea270
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ADVAPI32.dll - RegQueryValueExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6b60
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DSOUND.dll) ole32.dll - CoCreateInstance : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4b50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - CreateFileW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c18e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - LoadLibraryW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1e10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - GetPrivateProfileStringW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652e1960
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - CreateProcessW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652daf10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) KERNEL32.DLL - CreateFileA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c14e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegOpenKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6390
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegDeleteKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaa20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegEnumKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ead40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegCreateKeyExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea590
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegEnumValueW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eb0a0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegQueryValueW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eb730
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegQueryInfoKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc2d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegEnumKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eaf00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegOpenKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652eb3e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b6420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegCloseKey : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b5650
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) ADVAPI32.dll - RegCreateKeyW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ea740
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - keybd_event : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da5c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - GetWindowThreadProcessId : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da190
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - GetAsyncKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4ed0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ DINPUT8.dll) user32.dll - SetCursorPos : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da4f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ UIAutomationCore.DLL) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ UIAutomationCore.DLL) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ UIAutomationCore.DLL) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ UIAutomationCore.DLL) user32.dll - GetKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1b70
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ UIAutomationCore.DLL) user32.dll - GetAsyncKeyState : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4ed0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ UIAutomationCore.DLL) user32.dll - SendInput : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652da480
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ImgUtil.dll) KERNEL32.DLL - LoadLibraryExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652c1760
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ImgUtil.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ wow64.dll) ntdll.dll - memcpy : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE @ 0x9738d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ iertutil.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ GDI32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IMM32.DLL) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSCTF.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSCTF.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSCTF.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ shcore.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ shcore.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ shcore.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ shcore.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) user32.dll - MessageBoxIndirectW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEFRAME.dll) ole32.dll - OleLoadFromStream : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652d9460
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - DialogBoxParamA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecc10
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHLWAPI.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ole32.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) user32.dll - MessageBoxIndirectW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652cc420
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SHELL32.dll) ole32.dll - OleLoadFromStream : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652d9460
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ADVAPI32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) comctl32.dll - PropertySheetW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed930
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comdlg32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ uxtheme.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ tiptsf.dll) ole32.dll - OleLoadFromStream : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652d9460
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saHook.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WININET.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetConnectW : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d140 (jmp 0xffffffffed580d30)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetQueryDataAvailable : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d800 (jmp 0xffffffffed56a570)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d750 (jmp 0xffffffffed5787a0)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d3d0 (jmp 0xffffffffed584c70)
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetCloseHandle : C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll @ 0x60e1d7b0 (jmp 0xffffffffed589810)
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ clbcatq.dll) ole32.dll - OleLoadFromStream : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652d9460
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieproxy.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ IEUI.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ MSHTML.dll) comdlg32.dll - PrintDlgW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed690
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - SetWindowLongA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3540
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ dxgi.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igd10iumd32.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ igdusc32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mdnsNSP.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ actxprxy.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ oleacc.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ oleacc.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ oleacc.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ oleacc.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ jscript9.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ ieapfltr.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ msimtf.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ msimtf.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ saPlugin.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ VERSION.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - CallNextHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b19e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - SetWindowsHookExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bca30
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - UnhookWindowsHookEx : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b35d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcieplg.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ comctl32.dll) user32.dll - DialogBoxIndirectParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecb40
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - TerminateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bcf90
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - ExitThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b4e20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) KERNEL32.DLL - CreateThread : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc7d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ mcbrwctl.dll) user32.dll - DefWindowProcW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b1a50
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ T2EMBED.DLL) KERNEL32.DLL - GetProcAddress : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b31e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINTRUST.dll) user32.dll - MessageBoxA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecdf0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - CreateWindowExA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc8e0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ WINMM.dll) user32.dll - DefWindowProcA : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b34f0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - SetWindowLongW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b33d0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - EnableWindow : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652b3a20
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - MessageBoxW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ed200
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - DialogBoxParamW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652ecd00
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ SETUPAPI.dll) user32.dll - CreateWindowExW : C:\Program Files (x86)\Internet Explorer\IEShims.dll @ 0x652bc6c0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] f1c28931e25230b6b9891d07be3a8643
[BSP] 811e9d926c42cde1fd7c2fe0b58a5312 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 490 MB
4 - Basic data partition | Offset (sectors): 2373632 | Size: 701354 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1438746624 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1439668224 | Size: 12440 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_02182015_215424.log

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.21.07
  rootkit: v2015.02.20.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17631
Matthew :: MATTS_LAPTOP [administrator]

2/21/2015 2:09:51 PM
mbar-log-2015-02-21 (14-09-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 350167
Time elapsed: 40 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

========================================================================================================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17631

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Y:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 6317957120, free: 2253791232

Downloaded database version: v2015.02.21.07
Downloaded database version: v2015.02.20.01
Downloaded database version: v2014.12.06.01
Initializing...
=======================================
------------ Kernel report ------------
     02/21/2015 14:09:39
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.02.21.07
  rootkit: v2015.02.20.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001c6be6670, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001c6be5040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001c6be6670, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001c5fc8060, DeviceName: \Device\0000002a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 15B58D26

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3130581069
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid b9e3e65d-6753-4df8-9df2-908d4d32715
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3130581069
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid b9e3e65d-6753-4df8-9df2-908d4d32715
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 12883323-e8a4-4043-aba5-0bf92c06a5
    FirstLBA 2048  Last LBA 1026047
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 0 is bootable
    Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
    Partition ID d160b13b-838c-4c15-ba34-82a138f2e63c
    FirstLBA 1026048  Last LBA 1107967
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID fcca1578-a97f-4a95-b7a4-f91c55a26538
    FirstLBA 1107968  Last LBA 1370111
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f902b91b-8883-46a9-9770-e78a80b5cf
    FirstLBA 1370112  Last LBA 2373631
    Attributes 1
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 43d895dd-6aa5-40fe-87e3-2ee7523c57d8
    FirstLBA 2373632  Last LBA 1438746623
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 834ea0b8-8834-4f28-99d9-31756ac22b3
    FirstLBA 1438746624  Last LBA 1439668223
    Attributes 1
    Partition Name                                    

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 38d6d5c4-9f7c-40b9-9627-5863b24b2723
    FirstLBA 1439668224  Last LBA 1465147119
    Attributes 1
    Partition Name         Microsoft recovery partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

===========================================================================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Matthew on Sat 02/21/2015 at 15:08:37.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\AVG SAFEGUARD TOOLBAR-F5AF4F36.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Matthew\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Matthew\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Matthew\appdata\locallow\pcdr"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/21/2015 at 15:12:59.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 15:28:01
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Matthew - MATTS_LAPTOP
# Running from : C:\Users\Matthew\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [2476 bytes] - [21/02/2015 15:15:32]
AdwCleaner[R1].txt - [650 bytes] - [21/02/2015 15:28:01]
AdwCleaner[S0].txt - [2455 bytes] - [21/02/2015 15:19:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [767 bytes] ##########



#13 LiquidTension

LiquidTension

  • Malware Response Instructor

Posted 21 February 2015 - 06:15 PM

Hi Matt, 
 

the only issue I had was that I closed the AdwCleaner log without saving it (I had a serious brain fart) so I ran it again and am attaching the results at the end....

That's OK. 
 
Did you have RogueKiller delete the two items from my previous instructions?
 
----------
 
We have one more round of scans to check for malware remnants. It's important the machine appears clean before you attempt file recovery, as we don't want issues to arise should there still be an active infection.
 
Please work your way through the following, and post back the logs once done. 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUP's).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • Emsisoft log
  • ESET Online Scan log


#14 ddiamond

ddiamond
  • Topic Starter

  • Members
  • 11 posts

Posted 22 February 2015 - 11:27 PM

Hi Adam,

Here they are - however, the ESET one looks a lot different than the other ones, especially after taking three hours! I hope I didn't screw it up somehow......

Thanks,

Matt

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/21/2015
Scan Time: 5:57:51 PM
Logfile: Anti-Malware Scan Results.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.10
Rootkit Database: v2015.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthew

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342543
Time Elapsed: 38 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c0caa5fe-7c9c-4dca-a265-63cf55379d1a}, Quarantined, [9522b26ecac046f0d35e79d1867dad53],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [9522b26ecac046f0d35e79d1867dad53],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C0CAA5FE-7C9C-4DCA-A265-63CF55379D1A}, Quarantined, [9522b26ecac046f0d35e79d1867dad53],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [8631c35d266440f688005eba45c0f808],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Bandoo.A, C:\Users\Matthew\AppData\Local\ilividbandoomoviestoolbar, Quarantined, [5562ac74404a4beb4af89dda47bc6997],
PUP.Optional.Bandoo.A, C:\Users\Matthew\AppData\Local\ilividbandoomoviestoolbar\GC, Quarantined, [5562ac74404a4beb4af89dda47bc6997],

Files: 3
PUP.Optional.OptimumInstaller.A, C:\Users\Matthew\Downloads\Player-Chrome.exe, Quarantined, [bafdf32d5436f046cd53205619e80bf5],
PUP.Optional.Bandoo.A, C:\Users\Matthew\AppData\Local\ilividbandoomoviestoolbar\GC\com.apn.native_messaging_host_aaaaafeopjhkcolncjbedbhofpocmdbn.json, Quarantined, [5562ac74404a4beb4af89dda47bc6997],
PUP.Optional.Bandoo.A, C:\Users\Matthew\AppData\Local\ilividbandoomoviestoolbar\GC\IACNativeMsgHost.exe, Quarantined, [5562ac74404a4beb4af89dda47bc6997],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Emsisoft Emergency Kit - Version 9.0
Last update: 2/21/2015 9:30:31 PM
User account: MATTS_LAPTOP\Matthew

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, Y:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 2/21/2015 11:20:03 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS  detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN  detected: Setting.NoRun (A)

Scanned 384498
Found 6

Scan end: 2/22/2015 2:13:49 AM
Scan time: 2:53:46

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2633815232-960237094-2566872554-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS Quarantined Setting.NoFolderOptions (A)

Quarantined 6

 

ESET Online Scanner -

 

C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Matthew\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe.xBAD Win32/MyPCBackup.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Matthew\AppData\Local\Temp\BackupSetup.exe.xBAD MSIL/MyPCBackup.D potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
 



#15 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts

Posted 23 February 2015 - 12:20 AM

Hi Matt, 
 
The ESET log is fine. The items detected in all 3 scans are merely remnants, not active infections. 
 
How is your machine performing? Are you experiencing any malware-like issues? 
Should there be no further malware-related issues, we can move onto attempting file recovery.





