
I think I have a virus

Discussion in 'Virus & Other Malware Removal' started by pmbecky, Jul 18, 2012.

Thread Status:
Not open for further replies.
  1. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    When I open up my internet browser, after a while a bunch of talking and music starts playing in the background... it sounds like about 15 commercials are all playing at once and I cannot find out how to stop it. Please help!
     
  2. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    Can someone help me with this?
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Pmbecky, my name is Mark and I will be helping you.

    At the top of the Malware forum there is a notice: "Everyone MUST read this BEFORE posting for help in this forum."

    As you have not followed that instruction this may be why you have not received a reply. Please go Here, follow ALL the instructions and post the logs that are requested.

    Please also run this scan and post the log:

    Download RogueKiller (by tigzy) and save it directly to your Desktop.
    On the web page click on this: [​IMG]
    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
     
  4. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:18:55 PM, on 7/23/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iYogi Support Dock] "C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
    O4 - HKUS\S-1-5-18\..\Run: [cftmon] C:\Windows\TEMP\bbyuuioeox.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [cftmon] C:\Windows\TEMP\bbyuuioeox.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted IP range: http://10.10.10.103
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://10.10.10.103/WebClient.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.mytwc.net/dana-cached/sc/JuniperSetupClient.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
    O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
    O23 - Service: Support Dock Service (SupportDockService.exe) - iYogi Technical Services - C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe
    O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

    --
    End of file - 8661 bytes
     
  5. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User: Owner [Admin rights]
    Mode: Scan -- Date: 07/23/2012 23:09:22

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] bbyuuioeox.exe -- C:\Windows\TEMP\bbyuuioeox.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [SUSP PATH] HKUS\.DEFAULT[...]\Run : cftmon (C:\Windows\TEMP\bbyuuioeox.exe) -> FOUND
    [SUSP PATH] HKUS\S-1-5-18[...]\Run : cftmon (C:\Windows\TEMP\bbyuuioeox.exe) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 ATA Device +++++
    --- User ---
    [MBR] e6b32a5eef46653afd7ec690b18406a3
    [BSP] 37dcf337b3303c668df7160fe89824e2 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  6. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    thanks
     
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome, but you have only posted the log from HJT; the link I gave also asks for DDS and GMER logs. Please follow the instructions and post those as well.

    RogueKiller has found a suspicious file; please run this check and post the results.


    Go to one of the following online services that analyze suspicious files:
    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    C:\Windows\TEMP\bbyuuioeox.exe <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.
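
Added example (not part of the original thread, and not RogueKiller's or HijackThis's own code): a Python check of the kind behind the [SUSP PATH] findings above, flagging HijackThis O4 autorun entries whose target sits in a temp directory. The temp-directory patterns are an assumption, and the two `example1`/`example2` log lines are constructed for illustration; the other sample lines are copied from the HijackThis log in this thread.

```python
"""Flag autorun (O4) entries in a HijackThis log whose target is in a temp directory."""
import ntpath  # Windows path semantics, usable on any OS
import re

# O4 registry autorun line: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis appends the owning account to HKUS entries, e.g. " (User 'SYSTEM')"
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# Used to cut an unquoted command line at the end of the program path
EXE_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|dll)\b", re.IGNORECASE)
# Assumed definition of "temp directory" for this example (matched on lowercased paths)
TEMP_DIRS = re.compile(
    r"^[a-z]:\\windows\\temp\\"
    r"|\\appdata\\local\\temp\\"
    r"|\\local settings\\temp\\"
)

# Sample input. The example1/example2 lines are constructed; the rest are from this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [cftmon] C:\Windows\TEMP\bbyuuioeox.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cftmon] C:\Windows\TEMP\bbyuuioeox.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - HKCU\..\RunOnce: [example1] "C:\Users\Owner\AppData\Local\Temp\example1.exe" /s
O4 - HKLM\..\Run: [example2] C:\Windows\System32\..\Temp\example2.exe
"""


def executable_of(cmd: str) -> str:
    """Return the normalized program path from an autorun command line."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote; arguments follow it.
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted path may contain spaces: cut after the first executable extension.
        m = EXE_EXT.search(cmd)
        path = cmd[: m.end()] if m else cmd
    # Collapse "..\" segments so a path cannot hide its real directory.
    return ntpath.normpath(path)


def is_temp_path(path: str) -> bool:
    """True if the path lies under one of the assumed temp directories."""
    return bool(TEMP_DIRS.search(path.lower()))


def suspicious_autoruns(log_text: str) -> list:
    """Return one dict per O4 registry Run entry that launches a file from a temp directory."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())
        if not m:
            continue  # not a registry autorun line (e.g. "O4 - Startup:" shortcuts)
        path = executable_of(m["cmd"])
        if is_temp_path(path):
            findings.append(
                {"hive": m["hive"], "key": m["key"], "name": m["name"], "path": path}
            )
    return findings


if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        print(f"[SUSPICIOUS PATH] {f['hive']}\\..\\{f['key']} : {f['name']} ({f['path']})")
```

A hit only means the entry deserves a closer look, which is why the file is then submitted for analysis rather than deleted on sight.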
     
  8. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 23:01:09 on 2012-07-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.1355 [GMT -4:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
    C:\Windows\System32\msdtc.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k PeerDist
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\locator.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\svchost.exe -k wcssvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\TEMP\bbyuuioeox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\msdt.exe
    C:\Windows\System32\sdiagnhost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://espn.go.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [iYogi Support Dock] "c:\program files\iyogi support dock\iYogiSupportDock.exe"
    mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
    dRun: [cftmon] c:\windows\temp\bbyuuioeox.exe
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.10.10.103/WebClient.exe
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://www.mytwc.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\27F62656274702960786F6E656 : DhcpNameServer = 8.8.8.8
    TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\4696167636F6D6 : DhcpNameServer = 68.87.74.166 68.87.68.166
    TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\D45646963616C6F575962756C6563737 : DhcpNameServer = 10.64.0.3 10.64.0.4
    TCP: Interfaces\{5E51A5D3-CDCE-456A-9978-91BFDA4324AF}\E4544574541425 : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{6CBBEF6A-AEB6-4156-A487-607AB163B9A6} : DhcpNameServer = 192.168.56.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/01/19 22:06:28];c:\program files\hewlett-packard\media\dvd\000.fcl [2011-1-19 87536]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\AEstSrv.exe [2011-1-19 81920]
    R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2012-7-15 206152]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2012-7-15 222544]
    R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2012-7-15 206160]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
    R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-10-10 54784]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
    S2 SupportDockService.exe;Support Dock Service;c:\program files\iyogi support dock\services\commagent\SupportDockService.exe [2012-3-2 78336]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-8 136176]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-22 107360]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-7 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
    S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-11 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-07-24 02:43:16 682 ----a-w- c:\programdata\xfsmaaa.tmp
    2012-07-24 02:00:14 667 ----a-w- c:\programdata\noyraaa.tmp
    2012-07-22 23:44:07 654 ----a-w- c:\programdata\cvpobaa.tmp
    2012-07-22 23:44:02 670 ----a-w- c:\programdata\dvpobaa.tmp
    2012-07-20 01:17:50 892 ----a-w- c:\programdata\yornbaa.tmp
    2012-07-20 01:15:41 895 ----a-w- c:\programdata\ktkkbaa.tmp
    2012-07-20 01:14:30 913 ----a-w- c:\programdata\nsmwaaa.tmp
    2012-07-19 00:17:43 913 ----a-w- c:\programdata\cfpmaaa.tmp
    2012-07-19 00:17:43 891 ----a-w- c:\programdata\qoxvaaa.tmp
    2012-07-19 00:17:37 906 ----a-w- c:\programdata\wlrjaaa.tmp
    2012-07-19 00:16:40 878 ----a-w- c:\programdata\xlrjaaa.tmp
    2012-07-19 00:16:36 914 ----a-w- c:\programdata\zcxjbaa.tmp
    2012-07-16 21:25:52 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-15 16:37:47 95568 ----a-w- c:\windows\system32\Vetredir.dll
    2012-07-15 16:37:47 206160 ----a-w- c:\windows\system32\Isafprod.dll
    2012-07-15 16:37:47 128336 ----a-w- c:\windows\system32\Isafeif.dll
    2012-07-15 16:36:53 -------- d-----w- c:\program files\CA
    2012-07-15 16:30:59 904 ----a-w- c:\programdata\xdlkaaa.tmp
    2012-07-15 16:29:37 172060796 ----a-w- C:\reg backup.reg
    2012-07-15 16:21:32 -------- d-----w- c:\program files\WMI Tools
    2012-07-15 16:15:34 -------- d-----w- c:\users\owner\appdata\local\VS Revo Group
    2012-07-15 15:32:57 -------- d-----w- c:\programdata\iYogi
    2012-07-15 15:30:46 -------- d-----w- c:\program files\iYogi Support Dock
    2012-07-15 15:22:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-15 15:22:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-15 15:22:25 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-07-15 15:22:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-15 15:22:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-15 15:22:18 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-15 15:22:18 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-15 15:22:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-15 15:21:48 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-07-15 15:21:48 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
    2012-07-15 15:21:48 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2012-07-15 15:21:48 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2012-07-15 15:21:48 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-15 15:21:47 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2012-07-15 15:21:47 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
    2012-07-15 00:37:51 890 ----a-w- c:\programdata\wrekbaa.tmp
    2012-07-15 00:34:54 906 ----a-w- c:\programdata\wpxhbaa.tmp
    2012-07-15 00:33:33 888 ----a-w- c:\programdata\xpfoaaa.tmp
    2012-07-09 05:40:27 911 ----a-w- c:\programdata\ptvkaaa.tmp
    2012-07-08 23:26:57 927 ----a-w- c:\programdata\odxpbaa.tmp
    2012-07-08 23:25:03 922 ----a-w- c:\programdata\tbboaaa.tmp
    2012-07-08 23:24:27 927 ----a-w- c:\programdata\pdxpbaa.tmp
    2012-07-08 23:22:17 908 ----a-w- c:\programdata\gvapaaa.tmp
    2012-07-08 23:22:10 913 ----a-w- c:\programdata\slgjbaa.tmp
    2012-07-08 23:21:58 938 ----a-w- c:\programdata\sbboaaa.tmp
    2012-07-08 23:21:56 921 ----a-w- c:\programdata\foakaaa.tmp
    2012-07-08 23:21:51 901 ----a-w- c:\programdata\eoakaaa.tmp
    2012-07-08 23:20:14 916 ----a-w- c:\programdata\tlgjbaa.tmp
    2012-07-08 23:11:27 -------- d-----w- c:\programdata\CA
    2012-07-08 21:26:03 617 ----a-w- c:\programdata\ewwtdaa.tmp
    2012-07-08 21:25:47 619 ----a-w- c:\programdata\fwwtdaa.tmp
    2012-06-26 23:28:02 -------- d-----w- c:\windows\system32\webclient
    2012-06-26 23:22:02 -------- d-----w- c:\programdata\AMMYY
    .
    ==================== Find3M ====================
    .
    2012-07-15 15:06:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-15 15:06:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 04:41:44 919040 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    ============= FINISH: 23:01:43.98 ===============
     
  9. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-24 22:41:57
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT1 rev.01.01A01
    Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugdiikog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C573C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C90D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xA20F0000, 0x2892, 0xE8000020]
    .vmp2 c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xA2113050]
    ? C:\Users\Owner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[660] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
    .text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
    .text C:\Windows\system32\svchost.exe[2512] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
    .text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
    .text C:\Windows\Explorer.EXE[3440] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00264834
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] kernel32.dll!CreateThread 76A1DCC2 5 Bytes JMP 651C75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!GetAsyncKeyState 7582A256 5 Bytes JMP 651ADEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CallNextHookEx 7582ABE1 5 Bytes JMP 65227FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!UnhookWindowsHookEx 7582ADF9 5 Bytes JMP 6524ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DefWindowProcA 7582BB1C 7 Bytes JMP 651C97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateWindowExA 7582BF40 5 Bytes JMP 651D362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SetWindowsHookExW 7582E30C 5 Bytes JMP 652025AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateWindowExW 7582EC7C 5 Bytes JMP 652303B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!GetKeyState 75832B4D 5 Bytes JMP 651ADD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!IsDialogMessageW 75834104 5 Bytes JMP 65359855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DefWindowProcW 7583507D 7 Bytes JMP 65228042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogParamA 75841F42 5 Bytes JMP 653590B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!IsDialogMessage 75842019 5 Bytes JMP 6535982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogIndirectParamA 7584721D 5 Bytes JMP 65359128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogIndirectParamW 7584EA10 5 Bytes JMP 65359160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!EndDialog 75853BA3 5 Bytes JMP 65359B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!CreateDialogParamW 75855630 5 Bytes JMP 653590F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SetKeyboardState 7585695A 5 Bytes JMP 6535A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SendInput 75857019 5 Bytes JMP 6535A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!SetCursorPos 7586C1B0 5 Bytes JMP 6535A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] USER32.dll!keybd_event 7587EC3B 5 Bytes JMP 6535A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] SHELL32.dll!RealDriveType + 173D 75B3FE30 4 Bytes [CF, 01, 09, 69]
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] SHELL32.dll!RealDriveType + 1745 75B3FE38 8 Bytes [E0, 61, 08, 69, 79, F7, 08, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[11692] ole32.dll!OleLoadFromStream 767C6143 5 Bytes JMP 6535955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[12600] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!WSASend 77064406 5 Bytes JMP 7FF91B07
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!recv 77066B0E 5 Bytes JMP 7FF9196B
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!send 77066F01 5 Bytes JMP 7FF91AD9
    .text C:\Program Files\Internet Explorer\iexplore.exe[16940] WS2_32.dll!WSARecv 77067089 5 Bytes JMP 7FF91A15
    .text C:\Windows\System32\svchost.exe[17188] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 00024834
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] kernel32.dll!CreateThread 76A1DCC2 5 Bytes JMP 651C75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!GetAsyncKeyState 7582A256 5 Bytes JMP 651ADEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CallNextHookEx 7582ABE1 5 Bytes JMP 65227FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!UnhookWindowsHookEx 7582ADF9 5 Bytes JMP 6524ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DefWindowProcA 7582BB1C 7 Bytes JMP 651C97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateWindowExA 7582BF40 5 Bytes JMP 651D362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SetWindowsHookExW 7582E30C 5 Bytes JMP 652025AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateWindowExW 7582EC7C 5 Bytes JMP 652303B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!GetKeyState 75832B4D 5 Bytes JMP 651ADD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!IsDialogMessageW 75834104 5 Bytes JMP 65359855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DefWindowProcW 7583507D 7 Bytes JMP 65228042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogParamA 75841F42 5 Bytes JMP 653590B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!IsDialogMessage 75842019 5 Bytes JMP 6535982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogIndirectParamA 7584721D 5 Bytes JMP 65359128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogIndirectParamW 7584EA10 5 Bytes JMP 65359160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!EndDialog 75853BA3 5 Bytes JMP 65359B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!CreateDialogParamW 75855630 5 Bytes JMP 653590F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SetKeyboardState 7585695A 5 Bytes JMP 6535A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SendInput 75857019 5 Bytes JMP 6535A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!SetCursorPos 7586C1B0 5 Bytes JMP 6535A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] USER32.dll!keybd_event 7587EC3B 5 Bytes JMP 6535A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] SHELL32.dll!RealDriveType + 173D 75B3FE30 4 Bytes [CF, 01, 09, 69]
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] SHELL32.dll!RealDriveType + 1745 75B3FE38 8 Bytes [E0, 61, 08, 69, 79, F7, 08, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[17900] ole32.dll!OleLoadFromStream 767C6143 5 Bytes JMP 6535955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] kernel32.dll!CreateThread 76A1DCC2 5 Bytes JMP 651C75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] kernel32.dll!CreateProcessInternalW 76A207A2 5 Bytes JMP 0005485C
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!EnableWindow 75828D02 5 Bytes JMP 65209EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!CallNextHookEx 7582ABE1 5 Bytes JMP 65227FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!UnhookWindowsHookEx 7582ADF9 5 Bytes JMP 6524ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DefWindowProcA 7582BB1C 7 Bytes JMP 651C97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!CreateWindowExA 7582BF40 5 Bytes JMP 651D362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!SetWindowsHookExW 7582E30C 5 Bytes JMP 652025AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!CreateWindowExW 7582EC7C 5 Bytes JMP 652303B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DefWindowProcW 7583507D 7 Bytes JMP 65228042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxParamW 75843B9B 5 Bytes JMP 6516187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxIndirectParamW 75853B7F 5 Bytes JMP 65358D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxParamA 7586CF42 5 Bytes JMP 65358D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!DialogBoxIndirectParamA 7586D274 5 Bytes JMP 65358DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxIndirectA 7587E869 5 Bytes JMP 65358CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxIndirectW 7587E963 5 Bytes JMP 65358C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxExA 7587E9C9 5 Bytes JMP 65358BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] USER32.dll!MessageBoxExW 7587E9ED 5 Bytes JMP 65358B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] ole32.dll!OleLoadFromStream 767C6143 5 Bytes JMP 6535955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!WSASend 77064406 5 Bytes JMP 7FF91B07
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!recv 77066B0E 5 Bytes JMP 7FF9196B
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!send 77066F01 5 Bytes JMP 7FF91AD9
    .text C:\Program Files\Internet Explorer\iexplore.exe[19948] ws2_32.dll!WSARecv 77067089 5 Bytes JMP 7FF91A15

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [69097F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6909F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6909F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [690A07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6909FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [69085E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6909BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6909C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6909029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [69085EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [690863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[11692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6909C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [690A072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6909F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [690A1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [690A1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6908FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [690A1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6908F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6908FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [690A1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [690A1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [690A12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [690A0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [69090178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [690A1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [690A194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [690A1233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6908F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6908F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [690A27C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [690A136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [690A1284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [690A0F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [690A2769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6908F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [690A2937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [69087430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6908F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6908E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [69085D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [690A140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [690A1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [690A1F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [69090123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [690A218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [690A1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6908FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [690A19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6908FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [690A20D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [690A2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [690A2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [690A0F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [69084927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [690A0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6908FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [690A18A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [690A1CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [690A171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [690A17B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [69084984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [69098C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6909CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6909D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6909D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6909C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6909B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6909B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6909A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6909E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6909ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6909A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [69099AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6909E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6909E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [69099F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6909BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6909A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [69084E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [69086D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6908F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [690A1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [690A2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [690A2B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [690A2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [69090178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [690864C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [69084CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [69084927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [69084984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [69086528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[17900] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [690847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\BTHUSB \Device\000000bb bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\000000bd bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\00000549 \GLOBAL??\789b4c69 86FC1880

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002186d7f0a6
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002186d7f0a6 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 1125

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB13554$\2023443561 0 bytes
    File C:\Windows\$NtUninstallKB13554$\2023443561\L 0 bytes
    File C:\Windows\$NtUninstallKB13554$\2023443561\U 0 bytes
    File C:\Windows\$NtUninstallKB13554$\4136240380 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  10. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    I cannot find the bbyuuioeox.exe file.
     
  11. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, don't worry about that file for now. Please continue with these instructions.

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.
    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
    STEP 2
    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix
    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.
    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Are you still with us?
     
  13. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    yeah...been getting home too late to work on it. When I try to run the combo fix it says that we have to disable our anti virus. We tried doing it by putting it to sleep but still got the same msg when we tried to run the combo fix again. We have the CA Technology Anti virus.
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, I would suggest you change to a better Anti Virus, Microsoft Security Essentials; it is free and highly recommended.

    Please uninstall CA and then use this to clean out any remnants:
    CA Internet Security Uninstaller
    Next download and install this: Microsoft Security Essentials

    You should find that easy to disable: open the program, under the Settings tab click on Real Time Protection and switch it off, then run Combofix.
     
  15. pmbecky

    pmbecky Thread Starter

    Joined:
    Aug 15, 2007
    Messages:
    167
    ComboFix 12-07-29.02 - Owner 07/29/2012 16:59:34.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3039.2366 [GMT -4:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Shop to Win
    c:\programdata\AMMYY
    c:\programdata\AMMYY\hr
    c:\programdata\AMMYY\hr3
    c:\programdata\AMMYY\settings3.bin
    c:\programdata\cfpmaaa.tmp
    c:\programdata\cvpobaa.tmp
    c:\programdata\dvpobaa.tmp
    c:\programdata\eoakaaa.tmp
    c:\programdata\ewwtdaa.tmp
    c:\programdata\foakaaa.tmp
    c:\programdata\fwwtdaa.tmp
    c:\programdata\gvapaaa.tmp
    c:\programdata\ktkkbaa.tmp
    c:\programdata\noyraaa.tmp
    c:\programdata\odxpbaa.tmp
    c:\programdata\pdxpbaa.tmp
    c:\programdata\ptvkaaa.tmp
    c:\programdata\qoxvaaa.tmp
    c:\programdata\sbboaaa.tmp
    c:\programdata\slgjbaa.tmp
    c:\programdata\tbboaaa.tmp
    c:\programdata\tlgjbaa.tmp
    c:\programdata\vwiqraa.tmp
    c:\programdata\wpxhbaa.tmp
    c:\programdata\wrekbaa.tmp
    c:\programdata\xdlkaaa.tmp
    c:\programdata\xfsmaaa.tmp
    c:\programdata\xpfoaaa.tmp
    c:\programdata\yornbaa.tmp
    c:\programdata\zcxjbaa.tmp
    c:\windows\$NtUninstallKB13554$\4136240380
    c:\windows\expl.dat
    c:\windows\system32\svch.dat
    c:\windows\system32\winl.dat
    c:\windows\$NtUninstallKB13554$ . . . . Failed to delete
    .
    c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
    .
    c:\windows\system32\svchost.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
    .
    c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
    .
    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    Infected copy of c:\windows\system32\svchost.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-29 21:26 . 2012-07-29 21:30 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-07-29 21:26 . 2012-07-29 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-19 01:03 . 2012-07-19 01:03 -------- d-----w- c:\windows\Sun
    2012-07-16 21:25 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-15 16:37 . 2011-05-30 08:01 206160 ----a-w- c:\windows\system32\Isafprod.dll
    2012-07-15 16:37 . 2011-05-30 08:01 95568 ----a-w- c:\windows\system32\Vetredir.dll
    2012-07-15 16:37 . 2011-05-30 08:01 128336 ----a-w- c:\windows\system32\Isafeif.dll
    2012-07-15 16:29 . 2012-07-15 16:29 172060796 ----a-w- C:\reg backup.reg
    2012-07-15 16:21 . 2012-07-15 16:21 -------- d-----w- c:\program files\WMI Tools
    2012-07-15 16:15 . 2012-07-15 16:15 -------- d-----w- c:\users\Owner\AppData\Local\VS Revo Group
    2012-07-15 15:32 . 2012-07-15 15:32 -------- d-----w- c:\programdata\iYogi
    2012-07-15 15:30 . 2012-07-15 15:49 -------- d-----w- c:\program files\iYogi Support Dock
    2012-07-15 15:22 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-15 15:22 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-15 15:22 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-15 15:22 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-07-15 15:22 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-15 15:22 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-15 15:22 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-15 15:22 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-15 15:21 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
    2012-07-15 15:21 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2012-07-15 15:21 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2012-07-15 15:21 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-15 15:21 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-07-15 15:21 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
    2012-07-15 15:21 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2012-06-30 19:04 . 2012-06-30 19:04 -------- d-----w- c:\program files\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-28 03:21 . 2012-04-06 01:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-28 03:21 . 2011-06-02 01:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-22 23:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 23:56 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 23:55 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 23:55 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 23:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-22 23:56 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-22 23:55 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-22 23:55 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-22 23:55 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-01 04:44 . 2012-06-14 00:47 164352 ----a-w- c:\windows\system32\profsvc.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 08:39 . 6527A68163744F49DA66AE02F7836218 . 74752 . . [------] . . c:\windows\System32\drivers\tdx.sys
    [-] 2010-11-20 08:39 . 6527A68163744F49DA66AE02F7836218 . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
    [7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "iYogi Support Dock"="c:\program files\iYogi Support Dock\iYogiSupportDock.exe" [2012-05-18 1902944]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2010-06-30 05:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-10-03 16:40 13826664 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
    2009-05-26 19:30 450652 ----a-w- c:\program files\IDT\WDM\sttray.exe
    .
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 SupportDockService.exe;Support Dock Service;c:\program files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/01/19 22:06];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:21]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 03:03]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-09 03:03]
    .
    2012-07-29 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.10.10.103/WebClient.exe
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:8e,5b,2b,40,50,5d,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,ba,83,4b,b6,0c,d0,45,91,e5,cc,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,ba,83,4b,b6,0c,d0,45,91,e5,cc,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2888)
    c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\System32\msdtc.exe
    c:\windows\system32\msiexec.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\UI0Detect.exe
    c:\windows\System32\vds.exe
    c:\windows\system32\wbem\WmiApSrv.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-07-29 17:34:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-29 21:34
    .
    Pre-Run: 460,686,589,952 bytes free
    Post-Run: 461,248,839,680 bytes free
    .
    - - End Of File - - 9547781DE227A6D7B1244D16D2EE2F20
     

Short URL to this thread: https://techguy.org/1061637