Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: I think I have a virus


(!)

pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
18-Jul-2012, 08:31 PM #1
I think I have a virus
When I open up my internet brouser after a while a bunch of talking and music starts playing in the background.....it sounds like about 15 commercials are all playing at once and I can not find out out to stop it. Please help!
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
22-Jul-2012, 07:48 PM #2
can someone help me with this?
Mark1956's Avatar
Malware Removal Specialist with 13,955 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
23-Jul-2012, 05:56 AM #3
Hi Pmbecky, my name is Mark and I will be helping you.

At the top of the Malware forum there is a notice Everyone MUST read this BEFORE posting for help in this forum.

As you have not followed that instruction this may be why you have not received a reply. Please go Here, follow ALL the instructions and post the logs that are requested.

Please also run this scan and post the log:

Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:
  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
23-Jul-2012, 10:19 PM #4
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:55 PM, on 7/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iYogi Support Dock] "C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKUS\S-1-5-18\..\Run: [cftmon] C:\Windows\TEMP\bbyuuioeox.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cftmon] C:\Windows\TEMP\bbyuuioeox.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://10.10.10.103
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://10.10.10.103/WebClient.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.mytwc.net/dana-cached/sc...etupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5 f1d6fff385\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5 f1d6fff385\STacSV.exe
O23 - Service: Support Dock Service (SupportDockService.exe) - iYogi Technical Services - C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

--
End of file - 8661 bytes
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
23-Jul-2012, 11:11 PM #5
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 07/23/2012 23:09:22

Bad processes: 1
[SUSP PATH] bbyuuioeox.exe -- C:\Windows\TEMP\bbyuuioeox.exe -> KILLED [TermProc]

Registry Entries: 4
[SUSP PATH] HKUS\.DEFAULT[...]\Run : cftmon (C:\Windows\TEMP\bbyuuioeox.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : cftmon (C:\Windows\TEMP\bbyuuioeox.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [LOADED]

Infection :

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 ATA Device +++++
--- User ---
[MBR] e6b32a5eef46653afd7ec690b18406a3
[BSP] 37dcf337b3303c668df7160fe89824e2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
23-Jul-2012, 11:12 PM #6
thanks
Mark1956's Avatar
Malware Removal Specialist with 13,955 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
24-Jul-2012, 01:20 AM #7
You're welcome, but you have only posted the log from HJT, the link I gave also asks for DDS and GMER logs. Please follow the instructions and post those as well.

RogueKiller has found a suspicious file please run this check and post the results.


Go to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

C:\Windows\TEMP\bbyuuioeox.exe <- this file

Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
-- Post back with the results of the file analysis in your next reply.
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
24-Jul-2012, 10:00 PM #8
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 23:01:09 on 2012-07-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.1355 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5 f1d6fff385\STacSV.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5 f1d6fff385\aestsrv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\msdtc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k PeerDist
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\TEMP\bbyuuioeox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iYogi Support Dock] "c:\program files\iyogi support dock\iYogiSupportDock.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
dRun: [cftmon] c:\windows\temp\bbyuuioeox.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\o nenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.10.10.103/WebClient.exe
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://www.mytwc.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\27F62656274702960786F6E656 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\4696167636F6D6 : DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\D45646963616C6F575962756C6563737 : DhcpNameServer = 10.64.0.3 10.64.0.4
TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\E4544574541425 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{6CBBEF6A-AEB6-4156-A487-607AB163B9A6} : DhcpNameServer = 192.168.56.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/01/19 22:06:28];c:\program files\hewlett-packard\media\dvd\000.fcl [2011-1-19 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutra l_b8cef5f1d6fff385\AEstSrv.exe [2011-1-19 81920]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2012-7-15 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2012-7-15 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2012-7-15 206160]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-10-10 54784]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 SupportDockService.exe;Support Dock Service;c:\program files\iyogi support dock\services\commagent\SupportDockService.exe [2012-3-2 78336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-22 107360]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-7 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-11 1343400]
.
=============== Created Last 30 ================
.
2012-07-24 02:43:16 682 ----a-w- c:\programdata\xfsmaaa.tmp
2012-07-24 02:00:14 667 ----a-w- c:\programdata\noyraaa.tmp
2012-07-22 23:44:07 654 ----a-w- c:\programdata\cvpobaa.tmp
2012-07-22 23:44:02 670 ----a-w- c:\programdata\dvpobaa.tmp
2012-07-20 01:17:50 892 ----a-w- c:\programdata\yornbaa.tmp
2012-07-20 01:15:41 895 ----a-w- c:\programdata\ktkkbaa.tmp
2012-07-20 01:14:30 913 ----a-w- c:\programdata\nsmwaaa.tmp
2012-07-19 00:17:43 913 ----a-w- c:\programdata\cfpmaaa.tmp
2012-07-19 00:17:43 891 ----a-w- c:\programdata\qoxvaaa.tmp
2012-07-19 00:17:37 906 ----a-w- c:\programdata\wlrjaaa.tmp
2012-07-19 00:16:40 878 ----a-w- c:\programdata\xlrjaaa.tmp
2012-07-19 00:16:36 914 ----a-w- c:\programdata\zcxjbaa.tmp
2012-07-16 21:25:52 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 16:37:47 95568 ----a-w- c:\windows\system32\Vetredir.dll
2012-07-15 16:37:47 206160 ----a-w- c:\windows\system32\Isafprod.dll
2012-07-15 16:37:47 128336 ----a-w- c:\windows\system32\Isafeif.dll
2012-07-15 16:36:53 -------- d-----w- c:\program files\CA
2012-07-15 16:30:59 904 ----a-w- c:\programdata\xdlkaaa.tmp
2012-07-15 16:29:37 172060796 ----a-w- C:\reg backup.reg
2012-07-15 16:21:32 -------- d-----w- c:\program files\WMI Tools
2012-07-15 16:15:34 -------- d-----w- c:\users\owner\appdata\local\VS Revo Group
2012-07-15 15:32:57 -------- d-----w- c:\programdata\iYogi
2012-07-15 15:30:46 -------- d-----w- c:\program files\iYogi Support Dock
2012-07-15 15:22:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-15 15:22:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-15 15:22:25 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-15 15:22:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-15 15:22:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-15 15:22:18 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-15 15:22:18 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-15 15:22:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-15 15:21:48 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-15 15:21:48 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-15 15:21:48 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-15 15:21:48 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-15 15:21:48 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-15 15:21:47 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-07-15 15:21:47 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-07-15 00:37:51 890 ----a-w- c:\programdata\wrekbaa.tmp
2012-07-15 00:34:54 906 ----a-w- c:\programdata\wpxhbaa.tmp
2012-07-15 00:33:33 888 ----a-w- c:\programdata\xpfoaaa.tmp
2012-07-09 05:40:27 911 ----a-w- c:\programdata\ptvkaaa.tmp
2012-07-08 23:26:57 927 ----a-w- c:\programdata\odxpbaa.tmp
2012-07-08 23:25:03 922 ----a-w- c:\programdata\tbboaaa.tmp
2012-07-08 23:24:27 927 ----a-w- c:\programdata\pdxpbaa.tmp
2012-07-08 23:22:17 908 ----a-w- c:\programdata\gvapaaa.tmp
2012-07-08 23:22:10 913 ----a-w- c:\programdata\slgjbaa.tmp
2012-07-08 23:21:58 938 ----a-w- c:\programdata\sbboaaa.tmp
2012-07-08 23:21:56 921 ----a-w- c:\programdata\foakaaa.tmp
2012-07-08 23:21:51 901 ----a-w- c:\programdata\eoakaaa.tmp
2012-07-08 23:20:14 916 ----a-w- c:\programdata\tlgjbaa.tmp
2012-07-08 23:11:27 -------- d-----w- c:\programdata\CA
2012-07-08 21:26:03 617 ----a-w- c:\programdata\ewwtdaa.tmp
2012-07-08 21:25:47 619 ----a-w- c:\programdata\fwwtdaa.tmp
2012-06-26 23:28:02 -------- d-----w- c:\windows\system32\webclient
2012-06-26 23:22:02 -------- d-----w- c:\programdata\AMMYY
.
==================== Find3M ====================
.
2012-07-15 15:06:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-15 15:06:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 04:41:44 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 23:01:43.98 ===============
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
24-Jul-2012, 10:42 PM #9
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-24 22:41:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT1 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugdiikog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C573C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C90D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xA20F0000, 0x2892, 0xE8000020]
.vmp2 c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xA2113050]
? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
.text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
.text C:\Windows\Explorer.EXE[3440] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00264834
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] kernel32.dll!CreateThread 76A1DCC2 5 Bytes JMP 651C75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!GetAsyncKeyState 7582A256 5 Bytes JMP 651ADEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CallNextHookEx 7582ABE1 5 Bytes JMP 65227FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!UnhookWindowsHookEx 7582ADF9 5 Bytes JMP 6524ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DefWindowProcA 7582BB1C 7 Bytes JMP 651C97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateWindowExA 7582BF40 5 Bytes JMP 651D362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SetWindowsHookExW 7582E30C 5 Bytes JMP 652025AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateWindowExW 7582EC7C 5 Bytes JMP 652303B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!GetKeyState 75832B4D 5 Bytes JMP 651ADD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!IsDialogMessageW 75834104 5 Bytes JMP 65359855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DefWindowProcW 7583507D 7 Bytes JMP 65228042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogParamA 75841F42 5 Bytes JMP 653590B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!IsDialogMessage 75842019 5 Bytes JMP 6535982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogIndirectParamA 7584721D 5 Bytes JMP 65359128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogIndirectParamW 7584EA10 5 Bytes JMP 65359160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!EndDialog 75853BA3 5 Bytes JMP 65359B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogParamW 75855630 5 Bytes JMP 653590F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SetKeyboardState 7585695A 5 Bytes JMP 6535A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SendInput 75857019 5 Bytes JMP 6535A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SetCursorPos 7586C1B0 5 Bytes JMP 6535A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!keybd_event 7587EC3B 5 Bytes JMP 6535A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] SHELL32.dll!RealDriveType + 173D 75B3FE30 4 Bytes [CF, 01, 09, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] SHELL32.dll!RealDriveType + 1745 75B3FE38 8 Bytes [E0, 61, 08, 69, 79, F7, 08, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[11692] ole32.dll!OleLoadFromStream 767C6143 5 Bytes JMP 6535955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!WSASend 77064406 5 Bytes JMP 7FF91B07
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!recv 77066B0E 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!send 77066F01 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!WSARecv 77067089 5 Bytes JMP 7FF91A15
.text C:\Windows\System32\svchost.exe[17188] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] kernel32.dll!CreateThread 76A1DCC2 5 Bytes JMP 651C75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!GetAsyncKeyState 7582A256 5 Bytes JMP 651ADEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CallNextHookEx 7582ABE1 5 Bytes JMP 65227FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!UnhookWindowsHookEx 7582ADF9 5 Bytes JMP 6524ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DefWindowProcA 7582BB1C 7 Bytes JMP 651C97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateWindowExA 7582BF40 5 Bytes JMP 651D362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SetWindowsHookExW 7582E30C 5 Bytes JMP 652025AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateWindowExW 7582EC7C 5 Bytes JMP 652303B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!GetKeyState 75832B4D 5 Bytes JMP 651ADD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!IsDialogMessageW 75834104 5 Bytes JMP 65359855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DefWindowProcW 7583507D 7 Bytes JMP 65228042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogParamA 75841F42 5 Bytes JMP 653590B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!IsDialogMessage 75842019 5 Bytes JMP 6535982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogIndirectParamA 7584721D 5 Bytes JMP 65359128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogIndirectParamW 7584EA10 5 Bytes JMP 65359160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!EndDialog 75853BA3 5 Bytes JMP 65359B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogParamW 75855630 5 Bytes JMP 653590F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SetKeyboardState 7585695A 5 Bytes JMP 6535A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SendInput 75857019 5 Bytes JMP 6535A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SetCursorPos 7586C1B0 5 Bytes JMP 6535A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!keybd_event 7587EC3B 5 Bytes JMP 6535A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] SHELL32.dll!RealDriveType + 173D 75B3FE30 4 Bytes [CF, 01, 09, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] SHELL32.dll!RealDriveType + 1745 75B3FE38 8 Bytes [E0, 61, 08, 69, 79, F7, 08, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[17900] ole32.dll!OleLoadFromStream 767C6143 5 Bytes JMP 6535955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] kernel32.dll!CreateThread 76A1DCC2 5 Bytes JMP 651C75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!CallNextHookEx 7582ABE1 5 Bytes JMP 65227FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!UnhookWindowsHookEx 7582ADF9 5 Bytes JMP 6524ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DefWindowProcA 7582BB1C 7 Bytes JMP 651C97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!CreateWindowExA 7582BF40 5 Bytes JMP 651D362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!SetWindowsHookExW 7582E30C 5 Bytes JMP 652025AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!CreateWindowExW 7582EC7C 5 Bytes JMP 652303B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DefWindowProcW 7583507D 7 Bytes JMP 65228042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] ole32.dll!OleLoadFromStream 767C6143 5 Bytes JMP 6535955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!WSASend 77064406 5 Bytes JMP 7FF91B07
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!recv 77066B0E 5 Bytes JMP 7FF9196B
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!send 77066F01 5 Bytes JMP 7FF91AD9
.text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!WSARecv 77067089 5 Bytes JMP 7FF91A15

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [69097F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6909F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6909F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [690A07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6909FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [69085E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6909BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6909C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6909C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6909E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6909AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6909FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [690A07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6909939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [69085F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [69099229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6908F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [69085E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [69090ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6909F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6909F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [690A072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6909F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [690A1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [690A1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6908FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [690A1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6908F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6908FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [690A1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [690A1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [690A12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [690A0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [69090178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [690A1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [690A194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [690A1233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6908F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6908F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [690A27C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [690A136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [690A1284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [690A0F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [690A2769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6908F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [690A2937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [69087430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6908F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6908E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [69085D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [690A140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [690A1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [690A1F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [69090123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [690A218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [690A1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6908FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [690A19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6908FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [690A20D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [690A2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [690A2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [690A0F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [69084927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [690A0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6908FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [690A18A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [690A1CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [690A171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [690A17B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [69084984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [69098C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6909CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6909D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6909D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6909C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6909B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6909A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6909E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6909A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [69099AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6909E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6909E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [69099F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6909BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6909A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6908F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [690A1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [690A2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [690A2B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [690A2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [69090178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [690864C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [69084CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [69084927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [69084984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [69086528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [69097F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6909F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6909F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [690A07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6909FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [69085E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6909BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6909C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6909C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6909E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6909AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6909FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [690A07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6909939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [69085F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [69099229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6908F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [69085E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [69090ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6909F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6909F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [690A072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6909F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [690A1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [690A1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6908FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [690A1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6908F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6908FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [690A1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [690A1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [690A12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [690A0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [69090178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [690A1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [690A194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [690A1233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6908F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6908F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [690A27C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [690A136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [690A1284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [690A0F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [690A2769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6908F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [690A2937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [69087430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6908F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6908E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [69085D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [690A140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [690A1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [690A1F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [69090123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [690A218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [690A1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6908FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [690A19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6908FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [690A20D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [690A2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [690A2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [690A0F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [69084927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [690A0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6908FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [690A18A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [690A1CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [690A171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [690A17B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [69084984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [69098C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6909CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6909D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6909D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6909C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6909B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6909A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6909E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6909A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [69099AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6909E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6909E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [69099F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6909BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6909A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6908F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [690A1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [690A2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [690A2B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [690A2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [69090178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [690864C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [69084CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [69084927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [69084984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [69086528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\000000bb bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000bd bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00000549 \GLOBAL??\789b4c69 86FC1880

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186d7f0a6
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186d7f0a6 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 1125

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB13554$\2023443561 0 bytes
File C:\Windows\$NtUninstallKB13554$\2023443561\L 0 bytes
File C:\Windows\$NtUninstallKB13554$\2023443561\U 0 bytes
File C:\Windows\$NtUninstallKB13554$\4136240380 0 bytes

---- EOF - GMER 1.0.15 ----
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
24-Jul-2012, 10:50 PM #10
I cannot find the bbyuuioeox.exe file.
Mark1956's Avatar
Malware Removal Specialist with 13,955 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
25-Jul-2012, 02:22 AM #11
Ok, don't worry about that file for now. Please continue with these instructions.

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix
Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
Mark1956's Avatar
Malware Removal Specialist with 13,955 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
27-Jul-2012, 02:34 AM #12
Are you still with us?
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
27-Jul-2012, 11:31 PM #13
yeah...been getting home too late to work on it. When I try to run the combo fix it says that we have to dissable our anti virus. We tried doing it by putting it to sleep but still got the same msg when we tried to run the combo fix again. We have the CA Technology Anti virus.
Mark1956's Avatar
Malware Removal Specialist with 13,955 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
28-Jul-2012, 03:06 AM #14
Ok, I would suggest you change to a better Anti Virus, Microsoft Security Essentials, it is free and highly recommended.

Please uninstall CA and then use this to clean out any remnants
CA Internet Security Uninstaller
Next download and install this: Microsoft Security Essentials

You should find that easy to disable, open the program, under the Settings tab click on Real Time Protection and switch it off, then run Combofix.
pmbecky's Avatar
pmbecky pmbecky is offline
Computer Specs
Member with 162 posts.
THREAD STARTER
 
Join Date: Aug 2007
Experience: Intermediate
29-Jul-2012, 05:42 PM #15
ComboFix 12-07-29.02 - Owner 07/29/2012 16:59:34.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.2366 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Shop to Win
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\programdata\cfpmaaa.tmp
c:\programdata\cvpobaa.tmp
c:\programdata\dvpobaa.tmp
c:\programdata\eoakaaa.tmp
c:\programdata\ewwtdaa.tmp
c:\programdata\foakaaa.tmp
c:\programdata\fwwtdaa.tmp
c:\programdata\gvapaaa.tmp
c:\programdata\ktkkbaa.tmp
c:\programdata\noyraaa.tmp
c:\programdata\odxpbaa.tmp
c:\programdata\pdxpbaa.tmp
c:\programdata\ptvkaaa.tmp
c:\programdata\qoxvaaa.tmp
c:\programdata\sbboaaa.tmp
c:\programdata\slgjbaa.tmp
c:\programdata\tbboaaa.tmp
c:\programdata\tlgjbaa.tmp
c:\programdata\vwiqraa.tmp
c:\programdata\wpxhbaa.tmp
c:\programdata\wrekbaa.tmp
c:\programdata\xdlkaaa.tmp
c:\programdata\xfsmaaa.tmp
c:\programdata\xpfoaaa.tmp
c:\programdata\yornbaa.tmp
c:\programdata\zcxjbaa.tmp
c:\windows\$NtUninstallKB13554$\4136240380
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
c:\windows\$NtUninstallKB13554$ . . . . Failed to delete
.
c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
c:\windows\system32\svchost.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 21:26 . 2012-07-29 21:30 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-29 21:26 . 2012-07-29 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 01:03 . 2012-07-19 01:03 -------- d-----w- c:\windows\Sun
2012-07-16 21:25 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 16:37 . 2011-05-30 08:01 206160 ----a-w- c:\windows\system32\Isafprod.dll
2012-07-15 16:37 . 2011-05-30 08:01 95568 ----a-w- c:\windows\system32\Vetredir.dll
2012-07-15 16:37 . 2011-05-30 08:01 128336 ----a-w- c:\windows\system32\Isafeif.dll
2012-07-15 16:29 . 2012-07-15 16:29 172060796 ----a-w- C:\reg backup.reg
2012-07-15 16:21 . 2012-07-15 16:21 -------- d-----w- c:\program files\WMI Tools
2012-07-15 16:15 . 2012-07-15 16:15 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
2012-07-15 15:32 . 2012-07-15 15:32 -------- d-----w- c:\programdata\iYogi
2012-07-15 15:30 . 2012-07-15 15:49 -------- d-----w- c:\program files\iYogi Support Dock
2012-07-15 15:22 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-15 15:22 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-15 15:22 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-15 15:22 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-15 15:22 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-15 15:22 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-15 15:22 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-15 15:22 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-15 15:21 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-15 15:21 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-15 15:21 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-15 15:21 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-15 15:21 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-15 15:21 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-15 15:21 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-06-30 19:04 . 2012-06-30 19:04 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 03:21 . 2012-04-06 01:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 03:21 . 2011-06-02 01:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 23:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 23:56 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 23:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 23:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 23:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 23:56 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 23:55 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 23:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-22 23:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 04:44 . 2012-06-14 00:47 164352 ----a-w- c:\windows\system32\profsvc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . 6527A68163744F49DA66AE02F7836218 . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 08:39 . 6527A68163744F49DA66AE02F7836218 . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"iYogi Support Dock"="c:\program files\iYogi Support Dock\iYogiSupportDock.exe" [2012-05-18 1902944]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-30 05:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 16:40 13826664 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-05-26 19:30 450652 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SupportDockService.exe;Support Dock Service;c:\program files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/01/19 22:06];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutra l_b8cef5f1d6fff385\aestsrv.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:21]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 03:03]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 03:03]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.10.10.103/WebClient.exe
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8e,5b,2b,40,50,5d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,ba,83,4b,b6,0c,d0,45,91,e5,cc, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,ba,83,4b,b6,0c,d0,45,91,e5,cc, \
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2888)
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5 f1d6fff385\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\msiexec.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-07-29 17:34:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 21:34
.
Pre-Run: 460,686,589,952 bytes free
Post-Run: 461,248,839,680 bytes free
.
- - End Of File - - 9547781DE227A6D7B1244D16D2EE2F20
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑