jeanfrancois

10 Posts

10919

June 10th, 2010 17:00

Windows update error code 80072efe

I'v got a error when a want to do Windows Update

got code 80072efe

and sometime my firefox an explorer page are redirect... help

in firefox this is the most frequently redirect page

hxxp://blocked.ca/result.php?Keywords=code++80072efe&r=5074349c6203b91bb893aed38f64d59930bfbf855037a07a80c24b194111c6c9525a1aebbaf77dac4d0a0143eb6df825&Submit=Go

hxxp://www.diagnoseyourpc.com/?t202id=611853&t202kw=&OVRAW=code%2080072efe&OVKEY=80072efe&OVMTC=advanced&OVADID=47885015522&OVKWID=250800527022&OVCAMPGID=4590964022&OVADGRPID=7613302910&OVNDID=ND2

hxxp://mrstrainer.com/result.php?Keywords=code+80072efe&r=b7ca6de0fe0e76cf723b150ecb8044d476c01d4273f5a3113e2e55fd4d0059b13e0040971bde51426c65aa8473acfe8e&Submit=Go

And more

this is my hijackthis
Scan saved at 18:15:26, on 2010-06-10
Platform: Windows seven (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\NOTRE ORDI\Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDFCreatorClient] "C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [2spscReg] C:\Program Files\proxy.exe
O4 - HKLM\..\Run: [Spydig.exe] C:\Program Files\SpyDig\Spydig.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [2spscReg] C:\Program Files\proxy.exe
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd. - C:\Windows\System32\PDFCreatorMessages.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11497 bytes

Responses(23)

kevin27_b3d29f

1.5K Posts

0

June 16th, 2010 14:00

Hi jeanfrancois,

Sorry for the delay in getting to your log.

Welcome to Dell Community Malware Removal Forums,

I'm K27 and i will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you too, as this will only make the cleanup process all the more diffecult.

1) Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

2) I need to see some additional information about what is happening in your machine.
Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/past both logs into your next reply.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here

3) YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL,

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)

Next, please perform a rootkit scan:

Double-click the randomly name EXE located in the C:\ARK folder that you just downloaded to launch it
When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab,and then select the Scan button.
Leave your system completely idle while this longer scan is in progress.
When the scan is done, save the scan log to the Windows clipboard
Open Notepad or a similar text editor
Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V
Exit the Program
Save the Scan log as ARK.txt and post it in your next reply.
Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

.
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first inital quick scan,this can be saved in the same way as the full scan in the above instructions.

Please COPY/PASTE the MBAM log, BOTH DDS logs and the ARK log back to this thread,
Thanks
K27

jeanfrancois

10 Posts

0

June 17th, 2010 11:00

Thank for the Help i follow your instruction and this is the result

The DDS scan result

DDS (Ver_10-03-17.01) - NTFSx86
Run by NOTRE ORDI at 12:53:56,50 on 2010-06-17
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.3317.1856 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: avast! antivirus 4.8.1229 [VPS 081114-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\PDFCreatorMessages.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\NOTRE ORDI\Documents\Downloads\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
uWindow Title = Internet Explorer fourni par Dell
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} -
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} -
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} -
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [2spscReg] c:\program files\proxy.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDFCreatorClient] "c:\program files\global graphics\jaws pdf creator\PDFClient.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [2spscReg] c:\program files\proxy.exe
mRun: [Spydig.exe] c:\program files\spydig\Spydig.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\notreo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\lanceur.lnk - c:\program files\micro application\LauncherMA.exe
StartupFolder: c:\users\notreo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\notreo~1\appdata\roaming\mozilla\firefox\profiles\37c6f8yy.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2008-12-20 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2008-12-20 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-11-21 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-30 138680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-11 1153368]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-5-6 46824]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-30 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-30 352920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-21 30192]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1343400]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-06-17 16:42:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 16:42:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 21:53:35 20 ----a-w- c:\windows\$ùz
2010-06-05 23:37:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-30 14:43:00 0 d-----w- C:\Lop SD
2010-05-29 11:51:59 0 d-----w- c:\program files\Digital Photo Recovery
2010-05-26 00:45:39 0 d---a-w- c:\programdata\TEMP

==================== Find3M ====================

2010-06-17 13:44:52 697670 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-17 13:44:52 128322 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-05 00:07:39 81920 ----a-w- c:\users\notreo~1\appdata\roaming\ezpinst.exe
2010-05-05 00:07:39 47360 ----a-w- c:\users\notreo~1\appdata\roaming\pcouffin.sys
2010-05-04 23:56:17 156984 ----a-w- c:\program files\proxy.exe
2010-05-04 23:33:20 11114 ----a-w- c:\programdata\MainApp.dll
2010-05-03 23:39:27 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-03 16:15:29 87608 ----a-w- c:\users\notreo~1\appdata\roaming\inst.exe
2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 21:34:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-22 21:34:58 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-22 21:34:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-22 21:34:58 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

the other files

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2009-11-18 21:39:49
System Uptime: 2010-06-17 09:32:02 (3 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 44,532 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 9,923 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP132: 2010-06-17 10:24:32 - Point de contrôle planifié

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2 - Français
Adobe Shockwave Player 11
Assistant de connexion Windows Live ID
Assistant Personnalisation du systéme Dell
AutoCAD 2009 - Français
avast! Antivirus
Beyond Compare Version 2.5
Browser Address Error Redirector
Camel's MPEGJoin
CloneDVD2
ConvertXtoDVD 3.3.4.107
Dell Support Center
Digital Video Repair 1.0
DVD Shrink 3.2
eMule
Foxit PDF Editor
Galerie de photos Windows Live
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Earth
Guide de l'utilisateur
Installation Windows Live
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) TV Wizard
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
Jaws PDF Creator 4.1
Junk Mail filter update
LauncherMA
Magic DVD Ripper V5.3 build 8
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music NFO Builder v1.20
neroxml
Outil de téléchargement Windows Live
Photo to Cartoon
PhotoFiltre
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SWF Opener
Switch Uninstall
Ulead PhotoImpact 3.02 Special Edition
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
VBA (2627.01)
VBA (2627.5)
VCRedistSetup
VideoGet
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.0.1
Vuze
Vuze Toolbar
Vuze_Remote Toolbar
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Communications Platform
Windows Live FolderShare
Windows Live Mail
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
WinRAR archiver
Xobni
Xobni Core

==== End Of File ===========================

And the Ark log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 13:07:08
Windows 6.1.7600
Running: download[1].exe; Driver: C:\Users\NOTREO~1\AppData\Local\Temp\ugliypob.sys

---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C32AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C32104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C323F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C1A634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C1A898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C321DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C32958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C326F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C32F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                               82C331A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                        82C92599 1 Byte [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                 82CB6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.rsrc           C:\Windows\System32\drivers\volmgrx.sys                                                                                                entry point in ".rsrc" section [0x8399C014]
.text           peauth.sys                                                                                                                             9C60AC9D 28 Bytes [1E, B5, 5F, A0, 00, 02, EA, ...]
.text           peauth.sys                                                                                                                             9C60ACC1 28 Bytes [1E, B5, 5F, A0, 00, 02, EA, ...]
PAGE            peauth.sys                                                                                                                             9C610B9B 63 Bytes [67, BC, D7, 03, 5A, 80, F1, ...]
PAGE            peauth.sys                                                                                                                             9C610BEC 111 Bytes JMP A9655113
PAGE            peauth.sys                                                                                                                             9C610E20 101 Bytes [26, DE, 37, 4D, 3A, 93, 0F, ...]
PAGE            ...

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory                                                                  77935360 5 Bytes JMP 000D000A
.text           C:\Windows\system32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory                                                                    77935EE0 5 Bytes JMP 0021000A
.text           C:\Windows\system32\svchost.exe[968] ntdll.dll!KiUserExceptionDispatcher                                                               77936448 5 Bytes JMP 000C000A
.text           C:\Windows\system32\svchost.exe[968] ole32.dll!CoCreateInstance                                                                        772457FC 5 Bytes JMP 0043000A
.text           C:\Windows\system32\svchost.exe[968] USER32.dll!GetCursorPos                                                                           770DC198 5 Bytes JMP 00A3000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!NtProtectVirtualMemory                                                 77935360 5 Bytes JMP 0023000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!NtWriteVirtualMemory                                                   77935EE0 5 Bytes JMP 0024000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ntdll.dll!KiUserExceptionDispatcher                                              77936448 5 Bytes JMP 0022000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogParamW                                                    770D9BFF 5 Bytes JMP 6AFDC548 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EnableWindow                                                          770DA72E 5 Bytes JMP 6AFDC4C3 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetAsyncKeyState                                                      770DC09A 5 Bytes JMP 6AF9D6C9 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!UnhookWindowsHookEx                                                   770DCC7B 5 Bytes JMP 6B0982FA C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CallNextHookEx                                                        770DCC8F 5 Bytes JMP 6B079D00 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateWindowExW                                                       770E0E51 5 Bytes JMP 6B0880F7 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetWindowsHookExW                                                     770E210A 5 Bytes JMP 6B0345DB C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!GetKeyState                                                           770E4FDA 5 Bytes JMP 6AFDD73A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!IsDialogMessageW                                                      770E6F06 5 Bytes JMP 6AFA425C C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogParamA                                                    770F3E79 5 Bytes JMP 6B1AFE19 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!IsDialogMessage                                                       770F407A 5 Bytes JMP 6B1AF6BA C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogIndirectParamA                                            770F9110 5 Bytes JMP 6B1AFE50 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!CreateDialogIndirectParamW                                            771008AD 5 Bytes JMP 6B1AFE87 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamW                                               77104AA7 5 Bytes JMP 6B1AF218 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!EndDialog                                                             7710555C 5 Bytes JMP 6AFA5AC1 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamW                                                       7710564A 5 Bytes JMP 6AFA4B7F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetKeyboardState                                                      77106B52 5 Bytes JMP 6B1AFA1F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SendInput                                                             77107055 5 Bytes JMP 6B1B05E8 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!SetCursorPos                                                          7711C1D8 5 Bytes JMP 6B1B0640 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxParamA                                                       7711CF6A 5 Bytes JMP 6B1AF1B5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!DialogBoxIndirectParamA                                               7711D29C 5 Bytes JMP 6B1AF27B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectA                                                   7712E8C9 5 Bytes JMP 6B1AF14A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxIndirectW                                                   7712E9C3 5 Bytes JMP 6B1AF0DF C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExA                                                         7712EA29 5 Bytes JMP 6B1AF07D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!MessageBoxExW                                                         7712EA4D 5 Bytes JMP 6B1AF01B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] USER32.dll!keybd_event                                                           7712EC9B 5 Bytes JMP 6B1B0973 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] SHELL32.dll!SHChangeNotification_Lock + 45BA                                     7641B3E8 4 Bytes [11, 36, DB, 68]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] SHELL32.dll!SHChangeNotification_Lock + 45C2                                     7641B3F0 8 Bytes [5F, 35, DB, 68, D0, 73, DA, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!OleLoadFromStream                                                      771F5B88 5 Bytes JMP 6B1AF576 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3184] ole32.dll!CoCreateInstance                                                       772457FC 5 Bytes JMP 6B088BE5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] ntdll.dll!NtProtectVirtualMemory                                                 77935360 5 Bytes JMP 001C000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] ntdll.dll!NtWriteVirtualMemory                                                   77935EE0 5 Bytes JMP 0034000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] ntdll.dll!KiUserExceptionDispatcher                                              77936448 5 Bytes JMP 001B000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!CreateDialogParamW                                                    770D9BFF 5 Bytes JMP 6AFDC548 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!EnableWindow                                                          770DA72E 5 Bytes JMP 6AFDC4C3 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!GetAsyncKeyState                                                      770DC09A 5 Bytes JMP 6AF9D6C9 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!UnhookWindowsHookEx                                                   770DCC7B 5 Bytes JMP 6B0982FA C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!CallNextHookEx                                                        770DCC8F 5 Bytes JMP 6B079D00 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!CreateWindowExW                                                       770E0E51 5 Bytes JMP 6B0880F7 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!SetWindowsHookExW                                                     770E210A 5 Bytes JMP 6B0345DB C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!GetKeyState                                                           770E4FDA 5 Bytes JMP 6AFDD73A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!IsDialogMessageW                                                      770E6F06 5 Bytes JMP 6AFA425C C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!CreateDialogParamA                                                    770F3E79 5 Bytes JMP 6B1AFE19 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!IsDialogMessage                                                       770F407A 5 Bytes JMP 6B1AF6BA C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!CreateDialogIndirectParamA                                            770F9110 5 Bytes JMP 6B1AFE50 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!CreateDialogIndirectParamW                                            771008AD 5 Bytes JMP 6B1AFE87 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxIndirectParamW                                               77104AA7 5 Bytes JMP 6B1AF218 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!EndDialog                                                             7710555C 5 Bytes JMP 6AFA5AC1 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxParamW                                                       7710564A 5 Bytes JMP 6AFA4B7F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!SetKeyboardState                                                      77106B52 5 Bytes JMP 6B1AFA1F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!SendInput                                                             77107055 5 Bytes JMP 6B1B05E8 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!SetCursorPos                                                          7711C1D8 5 Bytes JMP 6B1B0640 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxParamA                                                       7711CF6A 5 Bytes JMP 6B1AF1B5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!DialogBoxIndirectParamA                                               7711D29C 5 Bytes JMP 6B1AF27B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxIndirectA                                                   7712E8C9 5 Bytes JMP 6B1AF14A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxIndirectW                                                   7712E9C3 5 Bytes JMP 6B1AF0DF C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxExA                                                         7712EA29 5 Bytes JMP 6B1AF07D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!MessageBoxExW                                                         7712EA4D 5 Bytes JMP 6B1AF01B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] USER32.dll!keybd_event                                                           7712EC9B 5 Bytes JMP 6B1B0973 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] SHELL32.dll!SHChangeNotification_Lock + 45BA                                     7641B3E8 4 Bytes [11, 36, DB, 68]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] SHELL32.dll!SHChangeNotification_Lock + 45C2                                     7641B3F0 8 Bytes [5F, 35, DB, 68, D0, 73, DA, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] ole32.dll!OleLoadFromStream                                                      771F5B88 5 Bytes JMP 6B1AF576 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[3992] ole32.dll!CoCreateInstance                                                       772457FC 5 Bytes JMP 6B088BE5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] ntdll.dll!NtProtectVirtualMemory                                                 77935360 5 Bytes JMP 0031000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] ntdll.dll!NtWriteVirtualMemory                                                   77935EE0 5 Bytes JMP 0032000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] ntdll.dll!KiUserExceptionDispatcher                                              77936448 5 Bytes JMP 0030000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!CreateDialogParamW                                                    770D9BFF 5 Bytes JMP 6AFDC548 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!EnableWindow                                                          770DA72E 5 Bytes JMP 6AFDC4C3 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!GetAsyncKeyState                                                      770DC09A 5 Bytes JMP 6AF9D6C9 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!UnhookWindowsHookEx                                                   770DCC7B 5 Bytes JMP 6B0982FA C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!CallNextHookEx                                                        770DCC8F 5 Bytes JMP 6B079D00 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!CreateWindowExW                                                       770E0E51 5 Bytes JMP 6B0880F7 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!SetWindowsHookExW                                                     770E210A 5 Bytes JMP 6B0345DB C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!GetKeyState                                                           770E4FDA 5 Bytes JMP 6AFDD73A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!IsDialogMessageW                                                      770E6F06 5 Bytes JMP 6AFA425C C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!CreateDialogParamA                                                    770F3E79 5 Bytes JMP 6B1AFE19 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!IsDialogMessage                                                       770F407A 5 Bytes JMP 6B1AF6BA C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!CreateDialogIndirectParamA                                            770F9110 5 Bytes JMP 6B1AFE50 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!CreateDialogIndirectParamW                                            771008AD 5 Bytes JMP 6B1AFE87 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!DialogBoxIndirectParamW                                               77104AA7 5 Bytes JMP 6B1AF218 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!EndDialog                                                             7710555C 5 Bytes JMP 6AFA5AC1 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!DialogBoxParamW                                                       7710564A 5 Bytes JMP 6AFA4B7F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!SetKeyboardState                                                      77106B52 5 Bytes JMP 6B1AFA1F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!SendInput                                                             77107055 5 Bytes JMP 6B1B05E8 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!SetCursorPos                                                          7711C1D8 5 Bytes JMP 6B1B0640 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!DialogBoxParamA                                                       7711CF6A 5 Bytes JMP 6B1AF1B5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!DialogBoxIndirectParamA                                               7711D29C 5 Bytes JMP 6B1AF27B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!MessageBoxIndirectA                                                   7712E8C9 5 Bytes JMP 6B1AF14A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!MessageBoxIndirectW                                                   7712E9C3 5 Bytes JMP 6B1AF0DF C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!MessageBoxExA                                                         7712EA29 5 Bytes JMP 6B1AF07D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!MessageBoxExW                                                         7712EA4D 5 Bytes JMP 6B1AF01B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] USER32.dll!keybd_event                                                           7712EC9B 5 Bytes JMP 6B1B0973 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] SHELL32.dll!SHChangeNotification_Lock + 45BA                                     7641B3E8 4 Bytes [11, 36, DB, 68]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] SHELL32.dll!SHChangeNotification_Lock + 45C2                                     7641B3F0 8 Bytes [5F, 35, DB, 68, D0, 73, DA, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] ole32.dll!OleLoadFromStream                                                      771F5B88 5 Bytes JMP 6B1AF576 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4596] ole32.dll!CoCreateInstance                                                       772457FC 5 Bytes JMP 6B088BE5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[5332] ntdll.dll!NtProtectVirtualMemory                                                                         77935360 5 Bytes JMP 0044000A
.text           C:\Windows\Explorer.EXE[5332] ntdll.dll!NtWriteVirtualMemory                                                                           77935EE0 5 Bytes JMP 0049000A
.text           C:\Windows\Explorer.EXE[5332] ntdll.dll!KiUserExceptionDispatcher                                                                      77936448 5 Bytes JMP 003F000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] ntdll.dll!NtProtectVirtualMemory                                                 77935360 5 Bytes JMP 0024000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] ntdll.dll!NtWriteVirtualMemory                                                   77935EE0 5 Bytes JMP 0025000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] ntdll.dll!KiUserExceptionDispatcher                                              77936448 5 Bytes JMP 0012000A
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!CreateWindowExW                                                       770E0E51 5 Bytes JMP 6B0880F7 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!DialogBoxIndirectParamW                                               77104AA7 5 Bytes JMP 6B1AF218 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!DialogBoxParamW                                                       7710564A 5 Bytes JMP 6AFA4B7F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!DialogBoxParamA                                                       7711CF6A 5 Bytes JMP 6B1AF1B5 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!DialogBoxIndirectParamA                                               7711D29C 5 Bytes JMP 6B1AF27B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!MessageBoxIndirectA                                                   7712E8C9 5 Bytes JMP 6B1AF14A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!MessageBoxIndirectW                                                   7712E9C3 5 Bytes JMP 6B1AF0DF C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!MessageBoxExA                                                         7712EA29 5 Bytes JMP 6B1AF07D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5384] USER32.dll!MessageBoxExW                                                         7712EA4D 5 Bytes JMP 6B1AF01B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Micro Application\LauncherMA.exe[568] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                  [75975E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[568] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                   [75975E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[568] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                 [75975E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[568] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                [75975E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[568] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                 [75975E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[568] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                 [75975E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                   [68D9C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]             [68DA3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [68DA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [68DA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                   [68DA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                   [68DA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]         [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]       [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                         [68DA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                       [68DA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                       [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                       [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                     [68DA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [68DA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [68D9F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [68DA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                   [68DA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [68D9DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                     [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                     [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [68D9DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [68D9DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                     [68DA0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [68DA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [68D9DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                     [68DA41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                       [68DA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                   [68DA4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [68DA4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [68DA823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                 [68DA89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                       [68DA8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [68DA7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [68DA8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [68DA90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                     [68DA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                     [68DA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                 [68DA7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]           [68DA794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]               [68DA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [68DA8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [68DA86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [68DA8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]               [68DA7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]               [68DA9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [68DA958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [68DA99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [68DA8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                 [68DA7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                   [68DA7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [68DA97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [68DA7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [68DA9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                 [68DA98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                   [68DA77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]             [68DA96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [68DA81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]               [68DA80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [68DA8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                     [68DA8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [68DA7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                     [68DA8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                   [68DA892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [68DA9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [68DA92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [68DA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                   [68DA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                   [68DA7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [68DA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [68DA789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                       [68DA83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [68DA861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [68DA8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                 [68DA8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [68DA84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                   [68DA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                     [68DA8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]               [68D9D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [68DA0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [68DA1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [68DA141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                 [68DA09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]     [68D9F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [68D9F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                     [68DA27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]           [68D9EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]               [68D9E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [68DA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                       [68DA27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [68D9E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                       [68DA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]       [68D9EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3184] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                   [68D9C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]             [68DA3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [68DA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [68DA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                   [68DA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                   [68DA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]         [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]       [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                         [68DA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                       [68DA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                       [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                       [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                     [68DA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [68DA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [68D9F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [68DA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                   [68DA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [68D9DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                     [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                     [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [68D9DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [68D9DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                     [68DA0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [68DA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [68D9DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                     [68DA41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                       [68DA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                   [68DA4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [68DA4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [68DA823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                 [68DA89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                       [68DA8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [68DA7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [68DA8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [68DA90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                     [68DA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                     [68DA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                 [68DA7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]           [68DA794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]               [68DA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [68DA8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [68DA86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [68DA8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]               [68DA7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]               [68DA9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [68DA958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [68DA99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [68DA8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                 [68DA7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                   [68DA7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [68DA97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [68DA7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [68DA9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                 [68DA98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                   [68DA77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]             [68DA96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [68DA81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]               [68DA80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [68DA8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                     [68DA8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [68DA7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                     [68DA8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                   [68DA892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [68DA9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [68DA92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [68DA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                   [68DA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                   [68DA7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [68DA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [68DA789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                       [68DA83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [68DA861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [68DA8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                 [68DA8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [68DA84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                   [68DA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                     [68DA8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]               [68D9D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [68DA0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [68DA1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [68DA141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                 [68DA09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]     [68D9F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [68D9F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                     [68DA27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]           [68D9EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]               [68D9E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [68DA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                       [68DA27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [68D9E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                       [68DA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]       [68D9EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[3992] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                   [68D9C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]             [68DA3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [68DA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [68DA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                   [68DA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA]                   [68DA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]         [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]       [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                         [68DA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                       [68DA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                       [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                       [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                     [68DA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [68DA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [68D9F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [68DA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [68DA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                   [68DA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [68D9DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                     [68DA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                     [68DA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [68D9DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [68D9DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                     [68DA0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                  [68DA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [68D9DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                     [68DA41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                       [68DA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                   [68DA4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [68DA4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [68DA823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                 [68DA89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                       [68DA8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [68DA7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [68DA8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [68DA90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                     [68DA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                     [68DA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                 [68DA7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]           [68DA794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]               [68DA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [68DA8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [68DA86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [68DA8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW]               [68DA7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW]               [68DA9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW]                  [68DA958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA]                  [68DA99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [68DA8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                 [68DA7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                   [68DA7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [68DA97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW]                [68DA7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [68DA9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                 [68DA98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                   [68DA77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]             [68DA96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [68DA81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]               [68DA80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [68DA8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                     [68DA8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [68DA7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                     [68DA8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                   [68DA892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW]                  [68DA9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [68DA92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [68DA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                   [68DA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                   [68DA7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [68DA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [68DA789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                       [68DA83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [68DA861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [68DA8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                 [68DA8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [68DA84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                   [68DA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                     [68DA8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]               [68D9D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [68DA0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [68DA1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [68DA141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                 [68DA09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [68D9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]     [68D9F834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [68D9F084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                     [68DA27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [68D9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]           [68D9EB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]               [68D9E563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [68DA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                       [68DA27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [68D9E901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                       [68DA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]       [68D9EE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [68DA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [68DA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[4596] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]                  [68D99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat                                                                                                               fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8664BEE4

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

that it and thank again ...

kevin27_b3d29f

1.5K Posts

0

June 17th, 2010 14:00

Hi,

You have a pretty nasty rootkit called TDL3. This can be cleaned but we have a bit of work to do.

Firstly;

Before we continue can I ask you to please read all the information in the link below as it contain information for Peer2Peer programs,
Not only is it illegal to download from P2P and torrent sites it is also a breeding ground for malware and more than likely the reason you were infected.
It would be futile to try and remove any infection on your system all the time P2P programs are installed.

Perils of P2P File Sharing

Then i need you to go to:

Start (windows icon bottom left corner of screen)
Control panel
Add/Remove programs
look for

eMule
Vuze
Vuze Toolbar
Vuze_Remote Toolbar

Uninstall
Reboot PC

Then please uninstalll anything else running on the machine that may relate to P2P files sharing or cracked Software.

The DDS log is also incomplete, please repost it for me <---Important

Thanks,
K27

kevin27_b3d29f

1.5K Posts

0

June 22nd, 2010 13:00

Hi ,

If you still require assistance please post back to this topic.

Thanks.

jeanfrancois

10 Posts

0

June 22nd, 2010 14:00

Yes i'm working a lot

here what you want

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4209

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010-06-19 11:12:27
mbam-log-2010-06-19 (11-12-27).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 141346
Temps écoulé: 14 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

DDS (Ver_10-03-17.01) - NTFSx86
Run by NOTRE ORDI at 12:41:45,66 on 2010-06-19
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.3317.2338 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081114-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Global Graphics\Jaws PDF Creator\PDFClient.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\PDFCreatorMessages.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\NOTRE ORDI\Documents\Downloads\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
uWindow Title = Internet Explorer fourni par Dell
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [2spscReg] c:\program files\proxy.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDFCreatorClient] "c:\program files\global graphics\jaws pdf creator\PDFClient.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [2spscReg] c:\program files\proxy.exe
mRun: [Spydig.exe] c:\program files\spydig\Spydig.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\notreo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\lanceur.lnk - c:\program files\micro application\LauncherMA.exe
StartupFolder: c:\users\notreo~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\notreo~1\appdata\roaming\mozilla\firefox\profiles\37c6f8yy.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-2 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-11-21 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-30 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-30 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-30 352920]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-21 30192]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1343400]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-06-17 16:42:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 16:42:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 21:53:35 20 ----a-w- c:\windows\$ùz
2010-05-30 14:43:00 0 d-----w- C:\Lop SD
2010-05-29 11:51:59 0 d-----w- c:\program files\Digital Photo Recovery
2010-05-26 00:45:39 0 d---a-w- c:\programdata\TEMP

==================== Find3M ====================

2010-06-19 14:54:33 697670 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-19 14:54:32 128322 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-05 00:07:39 81920 ----a-w- c:\users\notreo~1\appdata\roaming\ezpinst.exe
2010-05-05 00:07:39 47360 ----a-w- c:\users\notreo~1\appdata\roaming\pcouffin.sys
2010-05-04 23:56:17 156984 ----a-w- c:\program files\proxy.exe
2010-05-04 23:33:20 11114 ----a-w- c:\programdata\MainApp.dll
2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-03 16:15:29 87608 ----a-w- c:\users\notreo~1\appdata\roaming\inst.exe
2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2009-07-14 08:39:32 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2009-07-14 08:39:32 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 21:34:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-22 21:34:58 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-22 21:34:58 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-22 21:34:58 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:42:55,50 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2009-11-18 21:39:49
System Uptime: 2010-06-19 10:56:00 (2 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 55,76 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 9,923 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Cruzer
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#2585101870C120BF&0#
Manufacturer: SanDisk
Name: JF
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#2585101870C120BF&0#
Service: WUDFRd

==== System Restore Points ===================

RP132: 2010-06-17 10:24:32 - Point de contrôle planifié
RP133: 2010-06-18 09:30:17 - Removed Photo to Cartoon

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2 - Français
Adobe Shockwave Player 11
Assistant de connexion Windows Live ID
Assistant Personnalisation du systéme Dell
AutoCAD 2009 - Français
avast! Antivirus
Beyond Compare Version 2.5
Browser Address Error Redirector
CloneDVD2
ConvertXtoDVD 3.3.4.107
Dell Support Center
DVD Shrink 3.2
Foxit PDF Editor
Galerie de photos Windows Live
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Earth
Guide de l'utilisateur
Installation Windows Live
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) TV Wizard
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
Jaws PDF Creator 4.1
Junk Mail filter update
LauncherMA
Magic DVD Ripper V5.3 build 8
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Outil de téléchargement Windows Live
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
SWF Opener
Ulead PhotoImpact 3.02 Special Edition
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
VBA (2627.01)
VBA (2627.5)
VCRedistSetup
VideoGet
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.0.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Communications Platform
Windows Live FolderShare
Windows Live Mail
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
WinRAR archiver
Xobni Core

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-19 13:12:45
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\NOTREO~1\AppData\Local\Temp\ugliypob.sys

---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303FAF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303F104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303F3F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 83027634
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 83027898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303F1DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303F958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303F6F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 8303FF2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                 830401A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                          82C58599 1 Byte [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                   82C7CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.rsrc           C:\Windows\System32\drivers\volmgrx.sys                                                                                  entry point in ".rsrc" section [0x839AA014]
.text           peauth.sys                                                                                                               AE36EC9D 28 Bytes [CF, 4B, 20, 5E, B7, 7B, 18, ...]
.text           peauth.sys                                                                                                               AE36ECC1 28 Bytes [CF, 4B, 20, 5E, B7, 7B, 18, ...]
PAGE            peauth.sys                                                                                                               AE374B9B 72 Bytes [E0, EE, BB, DB, 43, B2, 95, ...]
PAGE            peauth.sys                                                                                                               AE374BEC 111 Bytes [6E, 58, C4, 78, F1, C5, 78, ...]
PAGE            peauth.sys                                                                                                               AE374E20 101 Bytes [24, 53, 48, B3, 6B, 31, E6, ...]
PAGE            ...

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory                                                   76E25360 5 Bytes JMP 0036000A
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory                                                     76E25EE0 5 Bytes JMP 0037000A
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!KiUserExceptionDispatcher                                                76E26448 5 Bytes JMP 0035000A
.text           C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance                                                         76A957FC 5 Bytes JMP 0058000A
.text           C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos                                                            7563C198 5 Bytes JMP 0072000A
.text           C:\Windows\Explorer.EXE[1596] ntdll.dll!NtProtectVirtualMemory                                                           76E25360 5 Bytes JMP 001F000A
.text           C:\Windows\Explorer.EXE[1596] ntdll.dll!NtWriteVirtualMemory                                                             76E25EE0 5 Bytes JMP 0020000A
.text           C:\Windows\Explorer.EXE[1596] ntdll.dll!KiUserExceptionDispatcher                                                        76E26448 5 Bytes JMP 0016000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Micro Application\LauncherMA.exe[460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [74E65E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[460] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [74E65E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[460] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [74E65E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[460] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74E65E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[460] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [74E65E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT             C:\Program Files\Micro Application\LauncherMA.exe[460] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [74E65E25] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat                                                                                                 fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8664BEE4

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Is it most simple to format and reinstall ???

kevin27_b3d29f

1.5K Posts

0

June 22nd, 2010 15:00

Hi,

Reformatting is really not necessary at this time, please proceed as follows:

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)

Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be save to your desktop before running the tool

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When prompted to install the recovery console please make sure to do so as the is a VERY IMPORTANT backup of Combo-fix XP only

You will need to be conected to the net to install the recovery console, if you can not install it DO NOT run Combo-Fix,
Post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running as this will cause Combo-Fix to Stall and it will not work as it should

Please include the C:\ComboFix.txt in your next reply for further review.

Please post the Combofix log back to this thread.

Thanks.

jeanfrancois

10 Posts

0

June 22nd, 2010 19:00

that it

i Desactivate my avast but they say it's not ???

i start it anyway.

combofix log

ComboFix 10-06-22.02 - NOTRE ORDI 2010-06-22 21:08:27.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.3317.2293 [GMT -4:00]
Lancé depuis: c:\users\NOTRE ORDI\Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081114-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\NOTRE ORDI\AppData\Roaming\inst.exe
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\systeminfo3.dll
c:\windows\xpsp1hfm.log

Une copie infectée de c:\windows\system32\drivers\volmgrx.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-23 au 2010-06-23 ))))))))))))))))))))))))))))))))))))
.

2010-06-23 01:17 . 2010-06-23 01:21 -------- d-----w- c:\users\NOTRE ORDI\AppData\Local\temp
2010-06-23 01:17 . 2010-06-23 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-23 01:17 . 2010-06-23 01:17 -------- d-----w- c:\users\Audrey\AppData\Local\temp
2010-06-22 20:18 . 2010-06-22 20:18 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDF79.tmp.exe
2010-05-30 14:43 . 2010-05-30 14:56 -------- d-----w- C:\Lop SD
2010-05-29 11:51 . 2010-05-29 12:40 -------- d-----w- c:\program files\Digital Photo Recovery

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 01:13 . 2009-07-14 08:39 697670 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-23 01:13 . 2009-07-14 08:39 128322 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-23 00:57 . 2010-05-08 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 14:54 . 2008-03-13 15:07 -------- d-----w- c:\program files\Azureus
2010-06-19 14:30 . 2009-05-11 18:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-19 14:29 . 2008-03-13 15:10 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Azureus
2010-06-19 13:45 . 2009-08-04 17:02 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\vlc
2010-06-19 13:40 . 2008-03-15 02:12 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-19 13:39 . 2009-08-29 20:16 -------- d-----w- c:\program files\Xobni
2010-06-19 13:37 . 2009-05-11 18:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-19 13:37 . 2008-03-20 14:15 -------- d-----w- c:\programdata\Lavasoft
2010-06-18 13:29 . 2008-12-26 16:12 -------- d-----w- c:\program files\Rising Research
2010-06-18 13:28 . 2008-01-15 13:29 -------- d-----w- c:\program files\eMule
2010-06-13 12:20 . 2007-10-21 23:29 -------- d-----w- c:\programdata\Roxio
2010-05-22 01:23 . 2008-11-27 16:35 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Vso
2010-05-19 02:04 . 2007-10-21 23:40 -------- d-----w- c:\program files\Google
2010-05-11 16:42 . 2008-03-13 16:13 186 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\Azureus\restart.bat
2010-05-08 19:03 . 2010-05-06 00:45 -------- d-----w- c:\program files\SpyDig
2010-05-08 12:39 . 2010-05-08 12:39 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Malwarebytes
2010-05-08 12:39 . 2010-05-08 12:39 -------- d-----w- c:\programdata\Malwarebytes
2010-05-07 22:16 . 2009-12-19 20:29 -------- d-----w- c:\programdata\MysteryChronicles
2010-05-05 15:17 . 2010-05-05 15:17 50354 ----a-w- c:\users\Audrey\AppData\Roaming\Facebook\uninstall.exe
2010-05-05 15:17 . 2010-05-05 15:17 -------- d-----w- c:\users\Audrey\AppData\Roaming\Facebook
2010-05-05 00:07 . 2010-05-05 00:07 81920 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\ezpinst.exe
2010-05-05 00:07 . 2010-05-05 00:07 81920 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\ezpinst.exe
2010-05-05 00:07 . 2008-11-27 16:35 47360 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\pcouffin.sys
2010-05-05 00:07 . 2008-11-27 16:35 47360 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\pcouffin.sys
2010-05-05 00:04 . 2008-11-27 16:35 -------- d-----w- c:\program files\DVDFab 5
2010-05-04 23:56 . 2010-05-04 23:56 156984 ----a-w- c:\program files\proxy.exe
2010-05-04 23:33 . 2010-05-04 23:37 11114 ----a-w- c:\programdata\MainApp.dll
2010-05-04 23:33 . 2010-05-04 23:37 11114 ----a-w- c:\programdata\MainApp.dll
2010-05-04 21:53 . 2007-12-04 19:16 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\DVD Shrink
2010-04-13 20:27 . 2010-03-12 17:19 7282688 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-04-13 20:27 . 2010-03-12 17:19 4141117 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-04-12 21:29 . 2010-04-18 12:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-09 23:38 . 2010-04-09 23:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-28 00:38 . 2009-10-28 00:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 39408]
"2spscReg"="c:\program files\proxy.exe" [2010-05-04 156984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-28 30192]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDFCreatorClient"="c:\program files\Global Graphics\Jaws PDF Creator\PDFClient.exe" [2006-10-11 438272]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"2spscReg"="c:\program files\proxy.exe" [2010-05-04 156984]
"Spydig.exe"="c:\program files\SpyDig\Spydig.exe" [2010-03-23 1332224]

c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\NOTRE ORDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-28 30192]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]
S1 aswSP;avast! Self Protection;
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]

.
Contenu du dossier 'Tâches planifiées'

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:49]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:49]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
FF - ProfilePath - c:\users\NOTRE ORDI\AppData\Roaming\Mozilla\Firefox\Profiles\37c6f8yy.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associations de fichier -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\PDFCreatorMessages.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2010-06-22 21:26:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-23 01:26

Avant-CF: 59 006 832 640 octets libres
Après-CF: 63 126 003 712 octets libres

- - End Of File - - 2712877A6838B9A43F02324878983FA7

kevin27_b3d29f

1.5K Posts

0

June 24th, 2010 14:00

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)

Next we are going to run Combo-Fix in a slightly different way

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

Quote:

Folder::
C:\Lop SD
c:\program files\Azureus
c:\users\NOTRE ORDI\AppData\Roaming\Azureus
c:\program files\eMule

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please leave ALL active protection disabled while running the online scan

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Please post back the new ComboFix log, the ESET log, and a status report on how the system is running.

Thanks

kevin27_b3d29f

1.5K Posts

0

June 28th, 2010 11:00

Hi,

I have received an E-Mail notifaction that you posted the CF log and the ESET log but it looks like it has been removed. (proberly due to using astric's and other symbols in place of certain words) please repost the logs for me.

Thanks.

kevin27_b3d29f

1.5K Posts

0

June 28th, 2010 15:00

My computer doing well I can do my windows update and my page don't be redirected That great !!!! Thank a lot for the help ...

Do you have some advice for not return in that problem again... And thank again..

your assistance is no more require...

If you would like to wrap this up then that's fine, but I'm not at the stage where I am willing to deem the system clean. Lack of symptoms does not necessarily mean lack of infection.
You had a nasty rootkit that could of been hiding all sorts, if you would like to continue, then that's fine (and strongly recommended you do), if so please repost the CF log and please uncheck wordwrap under the format tab of notepad before posting. I would also like to see the ESET log.

If you would like to finish this, then that is fine, but it is your call and I cannot guarantee that the system is clean.

Once we are finished I will post some advice on how to stay clean, but the one thing I will say is; DO NOT use P2P programs, that is why you were infected and it is how you will be infected again.

jeanfrancois

10 Posts

0

June 28th, 2010 15:00

I don't know what happent for the automatic e-mail ???

This is the new combofix log and eset.

ComboFix 10-06-25.01 - NOTRE ORDI 2010-06-25 16:40:31.3.2 - x86 Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.3317.2286 [GMT -4:00] Lancé depuis: c:\users\NOTRE ORDI\Documents\Downloads\ComboFix.exe Commutateurs utilisés :: c:\users\NOTRE ORDI\Documents\Downloads\CFScript.txt AV: avast! antivirus 4.8.1229 [VPS 081114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1229 [VPS 081114-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} .

(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) .

C:\Lop SD c:\lop sd\App-Prog.lsd c:\lop sd\AuDoss.lsd c:\lop sd\AutrInf.cmd c:\lop sd\AWF.cmd c:\lop sd\Back.cmd c:\lop sd\Backup-Lop\Hosts\hosts c:\lop sd\Backup-Lop\Reg\HKCU_Run.reg c:\lop sd\Backup-Lop\Reg\HKLM_Run.reg c:\lop sd\Backup-Lop\Reg\HKLM_Uninstall.reg c:\lop sd\Backup-Lop\Users\NOTREO~1\AppData\Roaming\MICROS~1\Windows\Cookies\notre_ordi@torrentqc[2].txt c:\lop sd\Boo.reg c:\lop sd\BooFix.cmd c:\lop sd\catchme.exe c:\lop sd\catchme.log c:\lop sd\Changelog Lop SD.txt c:\lop sd\Crack.txt c:\lop sd\DirectFix.cmd c:\lop sd\Discl_en.vbs c:\lop sd\Discl_fr.vbs c:\lop sd\Discl_ne.vbs c:\lop sd\Discl_sp.vbs c:\lop sd\Discl_su.vbs c:\lop sd\Doss.lsd c:\lop sd\exist.txt c:\lop sd\Icon_Lop.ico c:\lop sd\iNv.exe c:\lop sd\KILL.cmd c:\lop sd\Langues.cmd c:\lop sd\LopR_1.txt c:\lop sd\LopR_2.txt c:\lop sd\LopR_3.txt c:\lop sd\LopScript.cmd c:\lop sd\LopSD.cmd c:\lop sd\lsTasks.exe c:\lop sd\Orph.egd c:\lop sd\OsV.exe c:\lop sd\paths.bat c:\lop sd\Proc.txt c:\lop sd\pv.exe c:\lop sd\RegLop.reg c:\lop sd\Rkeys.txt c:\lop sd\RKit.lsd c:\lop sd\RoGUeS.lsd c:\lop sd\RunTool.txt c:\lop sd\S_LopV.cmd c:\lop sd\S_LopX.cmd c:\lop sd\sed.exe c:\lop sd\setpath.exe c:\lop sd\task.txt c:\lop sd\WhL.lsd c:\program files\Azureus c:\program files\Azureus\plugins\azemp\azemp_2.0.11.jar c:\program files\Azureus\plugins\azemp\azemp_2.0.11.zip c:\program files\Azureus\plugins\azemp\azemp_2.0.14.jar c:\program files\Azureus\plugins\azemp\azemp_2.0.14.zip c:\program files\Azureus\plugins\azemp\azemp_2.0.16.jar c:\program files\Azureus\plugins\azemp\azemp_2.0.16.zip c:\program files\Azureus\plugins\azemp\azemp_2.0.30.jar c:\program files\Azureus\plugins\azemp\azemp_2.0.30.zip c:\program files\Azureus\plugins\azemp\azemp_2.0.32.jar c:\program files\Azureus\plugins\azemp\azemp_2.0.32.zip c:\program files\Azureus\plugins\azemp\azemp_2.0.34.jar c:\program files\Azureus\plugins\azemp\azemp_2.0.34.zip c:\program files\Azureus\plugins\azemp\azemp_2.1.02.jar c:\program files\Azureus\plugins\azemp\azemp_2.1.02.zip c:\program files\Azureus\plugins\azemp\azemp_2.1.06.jar c:\program files\Azureus\plugins\azemp\azemp_2.1.06.zip c:\program files\Azureus\plugins\azemp\azemp_3.1.6.jar c:\program files\Azureus\plugins\azemp\azemp_3.1.6.zip c:\program files\Azureus\plugins\azemp\azmplay.exe.bak c:\program files\Azureus\plugins\azemp\cp1250-a.raw.bak c:\program files\Azureus\plugins\azemp\cp1250-b.raw.bak c:\program files\Azureus\plugins\azemp\font.desc.bak c:\program files\Azureus\plugins\azemp\libmprCanvas_1.2.jar c:\program files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak c:\program files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak c:\program files\Azureus\plugins\azemp\plugin.properties.bak c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.11 c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.14 c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.16 c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.30 c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.32 c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.34 c:\program files\Azureus\plugins\azemp\plugin.properties_2.1.02 c:\program files\Azureus\plugins\azemp\plugin.properties_2.1.06 c:\program files\Azureus\plugins\azemp\plugin.properties_3.1.6 c:\program files\Azureus\plugins\azemp\vuzeplayer.exe c:\program files\Azureus\plugins\azupdater\azupdater_1.8.10.zip c:\program files\Azureus\plugins\azupdater\azupdater_1.8.16.zip c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.10.jar c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.16.jar c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar c:\program files\Azureus\plugins\azupdater\Azureus2_4.2.0.8_P4.pat c:\program files\Azureus\plugins\azupdater\plugin.properties.bak c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.10 c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.16 c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8 c:\program files\Azureus\plugins\azupdater\Updater.jar.bak c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.17.jar c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.17.zip c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.21.jar c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.21.zip c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.5.jar c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.5.zip c:\program files\Azureus\plugins\azupnpav\plugin.properties.bak c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.0 c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.1 c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.17 c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.2 c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.21 c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.5 c:\program files\eMule c:\program files\eMule\config\addresses.dat c:\program files\eMule\config\eMule Light.tmpl c:\program files\eMule\config\eMule.tmpl c:\program files\eMule\config\preferences.ini c:\program files\eMule\config\server.met c:\program files\eMule\config\staticservers.dat c:\program files\eMule\config\webservices.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus c:\users\NOTRE ORDI\AppData\Roaming\Azureus\.certs c:\users\NOTRE ORDI\AppData\Roaming\Azureus\.keystore c:\users\NOTRE ORDI\AppData\Roaming\Azureus\.lock c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\03CB8A18DBD0EDF8411E69F51AC88B6DA4FD0798.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\03CB8A18DBD0EDF8411E69F51AC88B6DA4FD0798.dat.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\81D354386B302CB881AC8E20AA75C8E5595254E7.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\81D354386B302CB881AC8E20AA75C8E5595254E7.dat.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\83E509B3FDEDDDB6A8B0A6584AC209D99CF61B4B.dat._az.saving c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\83F7A78316DF94C004E5998DCE31718D55444D8A.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\83F7A78316DF94C004E5998DCE31718D55444D8A.dat.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\cache.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\E0A60F858E2C1885447BAC8E83DAA415586F729E.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\E0A60F858E2C1885447BAC8E83DAA415586F729E.dat.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\EF746E1DD3255E35B170848E6D04D75BB5308E71.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\active\EF746E1DD3255E35B170848E6D04D75BB5308E71.dat.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\azureus.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\azureus.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\azureus.statistics c:\users\NOTRE ORDI\AppData\Roaming\Azureus\azureus.statistics.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\banips.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\banips.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\cache\1191085919.ico c:\users\NOTRE ORDI\AppData\Roaming\Azureus\cnetworks.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\debug\image-0.jpg c:\users\NOTRE ORDI\AppData\Roaming\Azureus\devices.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\devices.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\dht\addresses.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\dht\contacts.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\dht\diverse.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\dht\general.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\dht\version.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\downloads.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\downloads.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\filters.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\ipfilter.cache c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\alerts_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\alerts_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\AutoSpeed_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\AutoSpeed_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\clientid_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\CNetworks_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\debug_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\debug_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\Devices_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\Friends_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\Friends_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_Engine_2758584889.txt c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_Engine_3.txt c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_Engine_3740518317.txt c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_Engine_4.txt c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_Engine_5.txt c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\MetaSearch_Engine_9.txt c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\NetStatus_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\seltrace_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\seltrace_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\SpeedMan_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\SpeedMan_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\Subscriptions_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\Subscriptions_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\thread_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\thread_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.ads_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.ads_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.CMsgr_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.CMsgr_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.emp_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.emp_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.Friends_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.Friends_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.MD_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.PMsgr_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.PMsgr_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.Stream_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.Stream_2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\v3.STres_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\logs\WP_xsearch_1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\metasearch.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\metasearch.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\net\pm_5769.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\net\pm_default.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.1.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.1.zip c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.1 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azemp\videofiles.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\azitunes_0.2.3.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\azitunes_0.2.3.zip c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\jacob_1.14.3.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess_0.1.2.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azitunes\plugin.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azump\azump_1.5.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azump\azump_1.5.zip c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azump\mplayer.exe c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azump\mplayer\config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\plugin.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\plugin.properties_0.4.5 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\AppleTV.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\AppleTV.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Browser.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Browser.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_directTV.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_directTV.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_mp4.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_mp4.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPad.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPhone.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPhone.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodClassic.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodClassic.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodNano.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodNano.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodTouch.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodTouch.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-default.ffpreset c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-ipad.ffpreset c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-ipod640.ffpreset c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_HD.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_HD.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_SD.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_SD.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PSP.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PSP.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\TiVo_HD.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\TiVo_HD.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Wii.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Wii.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_HD.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_HD.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_SD.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_SD.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Zen.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Zen.properties.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.2.8.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.2.8.zip c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.4.5.jar c:\users\NOTRE ORDI\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.4.5.zip c:\users\NOTRE ORDI\AppData\Roaming\Azureus\rcm.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\rcm.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\restart.bat c:\users\NOTRE ORDI\AppData\Roaming\Azureus\sidebarauto.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\sidebarauto.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\01D7FB72F0883670E7C6.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\01FE0E4954FEEB299706.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\020B78DB227ADCFC6D59.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\047969C2F30A401262F9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\048E3A3DB14656DB5C60.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\050E3F5B20E38D067E1E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0663DF8C2AFE423ACE07.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0671F95F795B125B8B9D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\06C0B3C32D4DC51AE2BC.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\07B886D3DCDB3749CE9E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\080CBFDD763057C0601E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\08132C8CDD6B0D122699.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\08465B99DBB508CF06C9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\08B89DAF9CA5F1E2584A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\08B8FBBF3A53D7DF6203.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\08E717D48A971BC51AE1.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\090F7C9CD181D711CDCE.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\09C5EF370AA8C1805B00.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0AC74425FCD696B95977.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0B335774B15DCD131FB0.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0BCEDC20644909B47FF9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0C09B63E9E28FA953B75.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\0F54C155C0ECEC4C36B3.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\11C17078DCF36587B966.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\12E433396A25DDA51A9A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\152DDC20BCA924D06600.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\15F2C95FD482653CC000.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\15FDAEF9A78E0F1BB01A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\177BEAD0090D3FD31234.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\1B8FE2D62D304F24448A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\1E475C58FC9492E6C2F5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\21B6F154E1FA75E4DF0A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\23874448F3148CDD35E7.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\25BD5D11EB4E4D00F2A1.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\263886D16E5E85EF545E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\2757E34B3081117F721B.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\27F02FAA375B41F54AFC.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\282060E5CB26C70BF81B.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\287C662B25E9AD6E1547.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\2880053432E0C236EA74.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\2B75DC956F8847463D28.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\2BA7995F31C0864B0C07.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\2F49F690259E7CE44344.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\32E8D1849848B7F51127.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\32F5B535379596CC7D47.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\333C02F343225C492369.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\34D3AC388891E36C9B10.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\34EA21C3F1A9E6A58944.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\3607B0EFC48B9E83E6D6.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\3774F492F8108174D71D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\38743DC36526EEE39142.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\3972B11D11796FDC60AA.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\3D06106B599CCA034F2D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\3FCA4D1D4D009F8AA8A0.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\41B5BA8E964DADE2D58B.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\42683CD2BD7A768703AE.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\427B7DFE5FC91EFDC0BF.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\439758D9EB3FF8D12020.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\447229A3A371779E8871.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\44EFE553C90798D0F472.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\469B9D7509111150B5D2.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\4710AC5F3D3C27F45E03.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\488DBD1471174318D6AC.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\4B399A8F0023AA6531D5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\4CE1D58CBB25E9069A68.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\4DB89BB311531CDA9163.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\4F5D92DCB17E8F9148BB.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\4F93F7DA21CB3052ECB4.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\50D56696D83FB33766A1.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\51DCEE091D9519C8D774.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5318EA0BF31F86C58EEC.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\569FD5B0342FAF277CF9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\57CC638D7320B9564D4F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\581765478D3517627C73.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\593134AFE6DD0A09D54F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5A217F011BAB9B2DEB56.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5CBA0BA6AAA42E09B126.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5D8F876CECFBEFC75D23.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5DB2F40EF01E0A64FD24.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5E08384F3C29FCB89D12.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5E63A18159FE37E4603D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5E96932F1D4620262B1D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\5ECD259B911625A92131.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\624910A3A637947DE3C8.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\632A20E73961F1C133F2.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\659E360DA4C7A78064E4.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\65D85767A5BC1B1B8F08.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\6742CB71DFB71C1C439E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\690E9EB57832EEC2420F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\6CE09097A11D11734008.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\6FBACF7088174152A66D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7076DB20A5F225DDB82C.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\737553100CB057ACF094.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7390271E93033371C94B.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\75B1507F402E4926D550.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\763C4AEFE8892D4749E3.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7846B1993F2FE68414E5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7871378D986902AFE5F0.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\78BACEC66EE6473D54A1.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\78D8A14122332B816B24.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7CBE532893A455CEF145.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7E025C6C46BD4B30D593.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\7F1208C4D07EA84246F5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\8060C3313C66DF45F383.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\816D7B7EA6C45ACA806F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\829E59C40EFFE22EB406.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\83CD46EEB00472E70A6A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\83F9D7CFBA5E7496ACC5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\8576DD9AC90FC79256F5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\8702F1F661B0C592184A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\87ADF8E41A1DB5628FEF.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\87BD246CA7B5FCEA26CF.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\87E23B1872099785E348.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\8A58D503C8E522B174D2.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\8C55A03E1C971FE5ADB6.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\8DE6E5753F5ADF094F49.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\9167E16C9B7944056AC7.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\91F71E44D89C4CFD7FCC.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\93B716386602D52C6EB7.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\94CB449851EB9E765899.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\95B34C1A1F40931D0972.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\95B34C1A1F40931D0972.vuze.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\996B32759F0C63485E45.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\9B9B6DCAA5CBDE22CB82.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\9EDB83DD6C0E3248906A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A1D26F82A30D6241E9B9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A23ACC8C79B7BC4CF6D7.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A3CBD165FFD17EC012A1.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A467A4E601BA7AF7C487.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A57341AB2AA7A98D5F19.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A6FB3E3A502BF7E49CF5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\A7051F98D010CEF03EB3.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AA1C7E1985DA7E6C9408.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AA36395F0C99E87D7BD3.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AA9A23B5897B4A074B3D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AB77A8E82C63A68AF3AB.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AC225B0B24A198E99835.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AE238A40E189FF666A5E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AF50E9C62BCF44AF85BC.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AF50E9C62BCF44AF85BC.vuze.1 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\AFC698BD1F88DFD87585.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\B30CD499084CF84AD03F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\B34B9E6E7F0B454C43E2.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\B48052A7CE1A63842FA7.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\B64DB554A5B678BCBCA8.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\B9F9824CB0A991DE3AC4.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BA41FA85DE7262460A0E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BAD9AC808DA5DC699651.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BD9454C29AC5D494FFF5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BD983FE8568BB7732D56.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BE5CDA4B40FD9FD6D96D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BE8F00128E16C2645C50.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\BEB3A9D766A252C471C1.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\C0F97932CCA7BE4B0A06.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\C1181DBAB72DD16EB649.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\C2265C8B560C7159279A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\C2D8E4DAE897328B413A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\C5A06F3AD9151B1408E8.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\C732D6BA9C09C29B2FA3.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\CB35A320C38B66808273.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\CC8FE16A92ADB252849C.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\CD3F2E493BE1D6845280.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\D0123A4706CE24D03A14.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\D12BFDCFD7B9345DC421.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\D430901023DA75594565.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\D501F467CD8CE7C161A3.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\DADC7CE2609F97B8A5D5.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\DB8EBA0A8243FAC1DD16.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\DC455E14BB0EA4F1D5F9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\DD2FFBE3348E4899278F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E01DCA8F4B6A7A5A27D8.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E1F3CC8FBE5F02D2E1BB.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E28C3EBD157D5105AFF9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E3FAFADD4E7B350EBFCD.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E49CE76DCCFB63FD55DF.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E67D8443DF3B6D5C02B4.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E6925ADD353B0CC4752A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E7F62335DD9830610270.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E89F36E10C4126BCD0C2.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E8CB9DDFE8782A1715B2.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E93F118738A6A1E81C8F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\E95373D67F879D52B60D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\ED1B44FA092775A661D9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\ED480DBFB4A3A7DE125D.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\EF0B9C6DCE240E6A2029.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F1E7BAC54103BB2A3742.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F2E6D4EFBB83F92D8CE9.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F3734C84AFAE355254EF.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F3C1EB05F08F2BB8A50F.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F4F20D4DEA2251CB0F5E.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F55CFA86DE0798F2E798.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F6EB481F42D7A6D98C5A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\F91977B5307E26B3E155.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\FAFAC4AB5C0D93AD5B55.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\FCC85A671C589DE02BA0.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\FCD3F87F448AA8919821.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\FD6CF4E3E1FFB5A69D5A.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subs\FE668F6D3C45C50320CF.vuze c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subscriptions.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\subscriptions.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tables.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tables.config.bak c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tmp\AZU1060111432394028057.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tmp\AZU2548168504166146761.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tmp\AZU3004569742323364874.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tmp\AZU5870457310583923957.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tmp\AZU888441145420415783.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\tmp\speedTestTorrent.torrent c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\1679021 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\1921395 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\1922514 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\2363809 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\3030441 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\934937 c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU11939.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU1203.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU14032.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU1441483880557449501.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU15934.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU16543.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU16546.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU19144.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU19149.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU19917.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU2018706002242889683.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU2152829285812629951.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU21554.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU22388.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU23251.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU2338354388272727801.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU23733.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU24756.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU25442.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU26226.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU26387.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU27769.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU30740.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU3334.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU3338.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU34391.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU37043.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU41031.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU41128.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU45285.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU47688.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU47694.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU51493.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU51495.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU54608.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU54932.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU561655987962147027.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU5674669064897890963.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU6078953023646030011.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU64514.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU64516.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU64519.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU65083.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU6863690100599066137.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU8922551350643742463.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU9006929336138405601.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\torrents\AZU9113.tmp c:\users\NOTRE ORDI\AppData\Roaming\Azureus\update.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\update.properties c:\users\NOTRE ORDI\AppData\Roaming\Azureus\upnp_trace1.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\upnp_trace2.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\upnp_trace3.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\upnp_trace4.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\upnp_trace5.log c:\users\NOTRE ORDI\AppData\Roaming\Azureus\VuzeActivities.config c:\users\NOTRE ORDI\AppData\Roaming\Azureus\VuzeActivities.config.bak

. ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-25 au 2010-06-25 )))))))))))))))))))))))))))))))))))) .

2010-06-25 20:49 . 2010-06-25 20:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-25 20:49 . 2010-06-25 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-23 01:41 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-23 01:41 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 01:41 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 01:41 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 01:41 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 01:26 . 2010-06-25 20:49 -------- d-----w-c:\users\NOTRE ORDI\AppData\Local\temp 2010-06-22 20:18 . 2010-06-22 20:18 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDF79.tmp.exe 2010-05-29 11:51 . 2010-05-29 12:40 -------- d-----w-

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) .

2010-06-25 20:06 . 2009-07-14 08:39 707146 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-25 20:06 . 2009-07-14 08:39 131392 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-23 01:51 . 2010-04-18 21:35 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-23 01:51 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-06-23 01:50 . 2008-02-22 18:48 -------- d-----w- c:\programdata\Microsoft Help 2010-06-23 01:44 . 2009-11-19 02:58 -------- d-----w- c:\program files\Microsoft 2010-06-23 01:41 . 2008-02-22 18:55 -------- d-----w- c:\program files\Microsoft.NET 2010-06-23 00:57 . 2010-05-08 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-19 14:30 . 2009-05-11 18:11 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-19 13:45 . 2009-08-04 17:02 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\vlc 2010-06-19 13:40 . 2008-03-15 02:12 -------- d-----w- c:\program files\NCH Swift Sound 2010-06-19 13:39 . 2009-08-29 20:16 -------- d-----w- c:\program files\Xobni 2010-06-19 13:37 . 2009-05-11 18:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-06-19 13:37 . 2008-03-20 14:15 -------- d-----w- c:\programdata\Lavasoft 2010-06-18 13:29 . 2008-12-26 16:12 -------- d-----w- c:\program files\Rising Research 2010-06-13 12:20 . 2007-10-21 23:29 -------- d-----w- c:\programdata\Roxio 2010-05-27 07:24 . 2010-06-23 01:39 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-23 01:39 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-22 01:23 . 2008-11-27 16:35 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Vso 2010-05-21 18:14 . 2009-10-02 19:37 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 2010-06-23 01:39 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-19 02:04 . 2007-10-21 23:40 -------- d-----w- c:\program files\Google 2010-05-09 09:14 . 2010-06-23 01:39 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-05-09 09:14 . 2010-06-23 01:39 417792 ----a-w- c:\windows\system32\msdri.dll 2010-05-08 19:03 . 2010-05-06 00:45 -------- d-----w- c:\program files\SpyDig 2010-05-08 12:39 . 2010-05-08 12:39 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Malwarebytes 2010-05-08 12:39 . 2010-05-08 12:39 -------- d-----w- c:\programdata\Malwarebytes 2010-05-07 22:16 . 2009-12-19 20:29 -------- d-----w- c:\programdata\MysteryChronicles 2010-05-05 15:17 . 2010-05-05 15:17 50354 ----a-w- c:\users\Audrey\AppData\Roaming\Facebook\uninstall.exe 2010-05-05 15:17 . 2010-05-05 15:17 -------- d-----w- c:\users\Audrey\AppData\Roaming\Facebook 2010-05-05 00:07 . 2010-05-05 00:07 81920 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\ezpinst.exe 2010-05-05 00:07 . 2010-05-05 00:07 81920 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\ezpinst.exe 2010-05-05 00:07 . 2008-11-27 16:35 47360 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\pcouffin.sys 2010-05-05 00:07 . 2008-11-27 16:35 47360 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\pcouffin.sys 2010-05-05 00:04 . 2008-11-27 16:35 -------- d-----w- c:\program files\DVDFab 5 2010-05-04 23:56 . 2010-05-04 23:56 156984 ----a-w- c:\program files\proxy.exe 2010-05-04 23:33 . 2010-05-04 23:37 11114 ----a-w- c:\programdata\MainApp.dll 2010-05-04 23:33 . 2010-05-04 23:37 11114 ----a-w- c:\programdata\MainApp.dll 2010-05-04 21:53 . 2007-12-04 19:16 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\DVD Shrink 2010-05-01 14:49 . 2010-06-23 01:39 2326528 ----a-w- c:\windows\system32\win32k.sys 2010-04-23 07:13 . 2010-06-23 01:39 2048 ----a-w- c:\windows\system32\tzres.dll 2010-04-12 21:29 . 2010-04-18 12:50 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-09 23:38 . 2010-04-09 23:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-10-28 00:38 . 2009-10-28 00:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe .

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

. . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 39408] "2spscReg"="c:\program files\proxy.exe" [2010-05-04 156984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352] "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-28 30192] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "PDFCreatorClient"="c:\program files\Global Graphics\Jaws PDF Creator\PDFClient.exe" [2006-10-11 438272] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "2spscReg"="c:\program files\proxy.exe" [2010-05-04 156984] "Spydig.exe"="c:\program files\SpyDig\Spydig.exe" [2010-03-23 1332224] c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\users\NOTRE ORDI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-28 30192] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400] S1 aswSP;avast! Self Protection; S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] . Contenu du dossier 'Tâches planifiées' 2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:49] 2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 01:49] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ca/ig/dell?hl=fr&client=dell-row&channel=ca&ibd=0071022 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab FF - ProfilePath - c:\users\NOTRE ORDI\AppData\Roaming\Mozilla\Firefox\Profiles\37c6f8yy.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . .

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2010-06-25 16:53:10 ComboFix-quarantined-files.txt 2010-06-25 20:53 ComboFix2.txt 2010-06-23 01:26 Avant-CF: 65 390 964 736 octets libres Après-CF: 64 983 961 600 octets libres - - End Of File - - 1A2A2BFD19ECE58B0500470E3AA7DEEB Eset log C:\Program Files\SpyDig\RkHitApi.dll Win32/Adware.SpywareCease application cleaned by deleting - quarantined C:\Program Files\SpyDig\spkdll.dll Win32/Adware.SpywareCease application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RKHit.sys.vir Win32/Adware.SpywareCease application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volmgrx.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined C:\Users\NOTRE ORDI\Documents\Jeux\Pop Cap Games\ECLIPSE KEYGEN REFLEXIVE 2006 (clé)\Reflexive Universal keyGen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined C:\Users\NOTRE ORDI\Downloads\Spydig_Setup.exe Win32/Adware.SpywareCease application deleted - quarantined C:\Users\NOTRE ORDI\Downloads\Utilités\Nero 8 Ultra Edition 8.1.1.3\Nero-8.1.1.3.exe Win32/Toolbar.AskSBar application deleted - quarantined C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\79388c95-4f8c900d Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined C:\Windows\winsxs\x86_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_6.1.7600.16385_none_dcd91825e77c6c5d\volmgrx.sys Win32/Olmarik.ZC trojan error while cleaning

My computer doing well I can do my windows update and my page don't be redirected That great !!!! Thank a lot for the help ...

Do you have some advice for not return in that problem again... And thank again..

your assistance is no more require...

________________________________________________________

jeanfrancois

10 Posts

0

June 28th, 2010 20:00

i do another cf and Eset

and this is my cf log

ComboFix 10-06-27.06 - NOTRE ORDI 2010-06-28 19:56:25.4.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.3317.2159 [GMT -4:00]
Lancé depuis: c:\users\NOTRE ORDI\Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081114-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\NOTRE ORDI\AppData\Roaming\Microsoft\Windows\Recent\OneNote Table Of Contents.onetoc2

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-28 au 2010-06-29 ))))))))))))))))))))))))))))))))))))
.

2010-06-29 00:02 . 2010-06-29 00:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-29 00:02 . 2010-06-29 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-29 00:02 . 2010-06-29 00:02 -------- d-----w- c:\users\Audrey\AppData\Local\temp
2010-06-25 21:04 . 2010-06-25 21:04 -------- d-----w- c:\program files\ESET
2010-06-23 01:41 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 01:41 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 01:41 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 01:41 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 01:41 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 01:17 . 2010-06-29 00:03 -------- d-----w- c:\users\NOTRE ORDI\AppData\Local\temp
2010-06-22 20:18 . 2010-06-22 20:18 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDF79.tmp.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 17:53 . 2007-10-21 23:29 -------- d-----w- c:\programdata\Roxio
2010-06-28 16:28 . 2009-07-14 08:39 707146 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-28 16:28 . 2009-07-14 08:39 131392 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-25 21:27 . 2010-05-06 00:45 -------- d-----w- c:\program files\SpyDig
2010-06-23 01:51 . 2010-04-18 21:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-23 01:51 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-23 01:50 . 2008-02-22 18:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-23 01:44 . 2009-11-19 02:58 -------- d-----w- c:\program files\Microsoft
2010-06-23 01:41 . 2008-02-22 18:55 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 00:57 . 2010-05-08 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 14:30 . 2009-05-11 18:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-19 13:45 . 2009-08-04 17:02 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\vlc
2010-06-19 13:40 . 2008-03-15 02:12 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-19 13:39 . 2009-08-29 20:16 -------- d-----w- c:\program files\Xobni
2010-06-19 13:37 . 2009-05-11 18:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-19 13:37 . 2008-03-20 14:15 -------- d-----w- c:\programdata\Lavasoft
2010-06-18 13:29 . 2008-12-26 16:12 -------- d-----w- c:\program files\Rising Research
2010-05-29 12:40 . 2010-05-29 11:51 -------- d-----w- c:\program files\Digital Photo Recovery
2010-05-27 07:24 . 2010-06-23 01:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-23 01:39 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-22 01:23 . 2008-11-27 16:35 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Vso
2010-05-21 18:14 . 2009-10-02 19:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-23 01:39 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-19 02:04 . 2007-10-21 23:40 -------- d-----w- c:\program files\Google
2010-05-09 09:14 . 2010-06-23 01:39 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-23 01:39 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-08 12:39 . 2010-05-08 12:39 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\Malwarebytes
2010-05-08 12:39 . 2010-05-08 12:39 -------- d-----w- c:\programdata\Malwarebytes
2010-05-07 22:16 . 2009-12-19 20:29 -------- d-----w- c:\programdata\MysteryChronicles
2010-05-05 15:17 . 2010-05-05 15:17 50354 ----a-w- c:\users\Audrey\AppData\Roaming\Facebook\uninstall.exe
2010-05-05 15:17 . 2010-05-05 15:17 -------- d-----w- c:\users\Audrey\AppData\Roaming\Facebook
2010-05-05 00:07 . 2010-05-05 00:07 81920 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\ezpinst.exe
2010-05-05 00:07 . 2010-05-05 00:07 81920 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\ezpinst.exe
2010-05-05 00:07 . 2008-11-27 16:35 47360 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\pcouffin.sys
2010-05-05 00:07 . 2008-11-27 16:35 47360 ----a-w- c:\users\NOTRE ORDI\AppData\Roaming\pcouffin.sys
2010-05-05 00:04 . 2008-11-27 16:35 -------- d-----w- c:\program files\DVDFab 5
2010-05-04 23:56 . 2010-05-04 23:56 156984 ----a-w- c:\program files\proxy.exe
2010-05-04 23:33 . 2010-05-04 23:37 11114 ----a-w- c:\programdata\MainApp.dll
2010-05-04 23:33 . 2010-05-04 23:37 11114 ----a-w- c:\programdata\MainApp.dll
2010-05-04 21:53 . 2007-12-04 19:16 -------- d-----w- c:\users\NOTRE ORDI\AppData\Roaming\DVD Shrink
2010-05-01 14:49 . 2010-06-23 01:39 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-06-23 01:39 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-12 21:29 . 2010-04-18 12:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-09 23:38 . 2010-04-09 23:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-28 00:38 . 2009-10-28 00:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.