New Windows Vista Computer infected with WINTEMS.EXE

oheretic

Hello to everybody,

We have a new (two months) computer with the Windows Vista operating system, which has become infected with the Wintems.exe virus (part of a Trojan, I understand).

It is a family computer and to be honest - it is my stupid fault! I allowed another member of the family (who shall remain nameless!) to use the internet before we had adequately installed and updated the virus software.

I'm a bit of a bodger when it comes to computers - I know a few tips and tricks, but only from friends and what I've picked up from articles on the net. This is way beyond me, so I must now throw myself on the mercy of one of your kind volunteers.

I have read your article on what to do before posting and have downloaded Kaspersky log and Hijackthis and run their scans. Spybot was downloaded and installed, but was instantly deleted - but I gather from reading up that this is something this virus does (?)

Here are a few other things I have managed to find out:

Wintems.exe can be deleted, but will be put back on after deletion (cloning - am I right?)
It disables Windows Defender
It disables Windows Updater
Both of these can be turned back on manually, but are always disabled on start up.
It will not allow you to install a particular Windows security update (KB943078) - when you try, it disables the Windows Module Installer.
It will not let you install virus software, or will let it install and then instantly delete it (have tried AVG and Zonealarm)
Windows notification noise can be heard in the background (like when stopping a pop-up) even when you do not have a web page up.

Any and all assistance would be greatly appreciated.
 
Here is the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 16, 2008 12:22:22 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512504
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 139789
Number of viruses found: 3
Number of infected objects: 69
Number of suspicious objects: 0
Duration of the scan process: 00:48:26

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-3770382818-2740039830-395197255-1000\$RRD70MF.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\101288937.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\105421906.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\108812109.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\1103250.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\111703.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\1118000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\114515.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\114726453.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\119546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\120022312.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\127484.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\128343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\129410062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\134740406.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\Windows\exefld\144189296.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\145296.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\146510765.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\14831578.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\14862109.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\14927000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\153000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\161074250.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\168593.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\17183234.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\175901828.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\186565281.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\186574531.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\193468.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\210258984.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\210268140.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\31839953.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\32153531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\38710062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\44018500.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\57329281.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\58560796.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\63054328.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\64769109.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\71925046.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\71932843.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\73232437.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\76240656.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\78951875.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\81562.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\815921.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\81621562.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\86610718.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\88146468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\90811750.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\93756546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\96027828.exe Infected: Email-Worm.Win32.Bagle.of skipped


CONTINUED IN FOLLOWING POST!
 
CONTINUED AS TOO LONG FOR PREVIOUS POST (am I doing this right?)

C:\Windows\System32\drivers\down\105228296.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\108605718.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\117069734.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\119732859.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\131681359.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\146180609.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\14867406.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\148776734.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\148784984.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\163279843.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\186442062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\29108546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\78914156.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\90694781.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\90713750.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\93466546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\93709062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped

Scan process completed.
 
AND THE HIJACKTHIS REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:20, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7724 bytes
 
Hi oheretic

* Download GMER from here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
 
Hello Shaba, thank you very much for your response.

I have followed your instructions and here are the results:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-21 17:41:22
Windows 6.0.6000


---- System - GMER 1.0.13 ----

SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwCreateFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwEnumerateKey
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwQueryDirectoryFile
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwQueryKey
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwQuerySystemInformation
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 688 81C809AC 2 Bytes CALL 7854F0E9

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamW 760714EA 5 Bytes JMP 6EB0166F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExA 7608570D 5 Bytes JMP 6EB015B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamA 760865BF 5 Bytes JMP 6EB01634 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectW 7608F1B3 5 Bytes JMP 6E991676 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamW 7609129F 5 Bytes JMP 6E96F2C1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamA 760B29C9 5 Bytes JMP 6EB016AA C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectA 760BFACF 5 Bytes JMP 6EB015F0 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExW
 
---- User IAT/EAT - GMER 1.0.13 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-3770382818-2740039830-395197255-1000\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Windows\system32\drivers\hidr.exe
Reg \Registry\USER\S-1-5-21-3770382818-2740039830-395197255-1000\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\Windows\system32\wintems.exe
 
---- Files - GMER 1.0.13 ----

File C:\Program Files\Common Files\Portrait Displays\Shared
File C:\Program Files\Common Files\Portrait Displays\Shared\CleanReg.exe
File C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
File C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe <-- ROOTKIT !!!
File C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
File C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll
File C:\Program Files\Common Files\Portrait Displays\Shared\pdiactivex.ocx
File C:\Program Files\Common Files\Portrait Displays\Shared\pdiSlider.ocx
File C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
File C:\Program Files\Common Files\Portrait Displays\Shared\ResetPermission.exe
File C:\Program Files\Common Files\Portrait Displays\Shared\supported.exe
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\sports_disc_mask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\720_480shadow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\photograph.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel
 