
Laptop (XP OS) is running slow.

Discussion in 'Virus & Other Malware Removal' started by bipslittlegirl, Jan 25, 2013.

  1. bipslittlegirl

    bipslittlegirl Thread Starter

    My laptop is running very, very slow. It has an XP operating system, 16 bit. I am afraid it is about to crash on me. Can you help me please? I am attaching the asked-for logs. I have to go back and run the GMER because it froze on me. Will attach that when I get it. Thanks!


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:34:48 PM, on 1/25/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19393)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\ProgramData\WeCareReminder\ReminderHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Users\bipslittlegirl\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: CrossriderApp0004639 - {11111111-1111-1111-1111-110011461139} - C:\Program Files\SavingsApp\SavingsApp.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\bipslittlegirl\AppData\Roaming\Qwiklinx\Qwiklinx.dll
    O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    O2 - BHO: Freecause Shopping BHO - {8E51683A-EA9D-4127-AE14-A13294FF6F7C} - C:\Program Files\Shop to Win 19\Shop to Win 19.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files\generic\network printer wizard\npwprint.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    O23 - Service: NPWService - Unknown owner - C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 8279 bytes





    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19393
    Run by bipslittlegirl at 15:38:27 on 2013-01-25
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1151 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\aestsrv.exe
    C:\Users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\ProgramData\WeCareReminder\ReminderHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar = Preserve
    uURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: SavingsApp: {11111111-1111-1111-1111-110011461139} - c:\program files\savingsapp\SavingsApp.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\bipslittlegirl\appdata\roaming\qwiklinx\Qwiklinx.dll
    BHO: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - c:\program files\surf canyon\surfcanyon.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\bipslittlegirl\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: Shop to Win: {8E51683A-EA9D-4127-AE14-A13294FF6F7C} - c:\program files\shop to win 19\Shop to Win 19.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
    BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{1D20983A-1401-44CA-94BD-DD6F732F8F3C} : DHCPNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
    TCP: Interfaces\{FA1A6543-94A3-4816-AF93-84481A747004} : DHCPNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-8 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-8 337880]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-29 31576]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-8 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-8 57688]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-2-26 179712]
    .
    =============== Created Last 30 ================
    .
    2013-01-25 18:23:08 -------- d-----w- c:\users\bipslittlegirl\appdata\roaming\Zeon
    2013-01-25 10:14:12 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4722dbba-516b-4a6d-ac1d-715d861eb314}\mpengine.dll
    2013-01-15 02:49:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-09 04:49:54 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 04:49:18 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 04:49:16 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2012-12-31 20:20:05 -------- d-----w- c:\users\bipslittlegirl\appdata\local\cache
    2012-12-31 20:19:17 -------- d-----w- c:\programdata\VTech
    2012-12-31 20:19:17 -------- d-----w- c:\program files\VTech
    .
    ==================== Find3M ====================
    .
    2013-01-20 16:32:32 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-01-09 02:10:27 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 02:10:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-09 10:37:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-09 10:36:28 71680 ----a-w- c:\windows\system32\iesetup.dll
    2012-11-09 10:36:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec
    2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-08 16:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 15:45:54.73 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 2/26/2009 12:33:33 PM
    System Uptime: 1/25/2013 4:18:46 AM (11 hours ago)
    .
    Motherboard: Dell Inc. | | 0DT492
    Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | Microprocessor | 800/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 62.67 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.665 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    5 Card Slingo Deluxe
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Action Replay Code Manager
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Audacity 1.3.13 (Unicode)
    avast! Free Antivirus
    AVG Security Toolbar
    Banctec Service Agreement
    Broadcom Management Programs
    Brother MFL-Pro Suite MFC-J430W
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    CWA Reminder by We-Care.com v4.1.18.3
    Dam Beavers
    DefaultTab
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Remote Access
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    DELL0604
    Digital Line Detect
    Domino Master Gold
    EDocs
    Fast Search
    FixCleaner
    Free PDF to Word Doc Converter v1.1
    Freeze.com NetAssistant
    FrostWire 4.21.1
    GameHouse Solitaire Challenge
    Google Update Helper
    GoToAssist 8.0.0.514
    Heartwild(TM) Solitaire
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Japanese Fonts Support For Adobe Reader 9
    Java(TM) 6 Update 7
    Junk Mail filter update
    Learning Lodge Navigator
    Mah Jong Adventures
    Mah Jong Medley
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Diagnostic Tool
    Monopoly by Parker Brothers
    Mplayer 0.6.9
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NetAssistant
    NetWaiting
    Network Printer Wizard
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    OutlookAddinSetup
    PaperPort Image Printer
    Poppit! To Go
    QuickSet
    Qwiklinx
    RealArcade
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SavingsApp
    Scansoft PDF Professional
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Shop To Win
    Slingo Casino Pak
    Slingo Deluxe
    Slingo Quest
    Slingo Quest Hawaii
    Slingo Supreme
    Smart PC Cleaner v3.0
    The Weather Channel App
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VTech Download Agent Library
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Winferno Registry Power Cleaner
    WordJong(TM) To Go
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== End Of File ===========================
     
  2. bipslittlegirl

    bipslittlegirl Thread Starter

    Could never save to my desktop because it kept freezing on me. Found a log. Hope this is what you need. If not, please advise. Thank you!

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-06 20:21:33
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys
    ---- Kernel code sections - GMER 2.0 ----
    .text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 357 fffff880010c24d9 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    .text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 397 fffff880010c2501 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    ---- Devices - GMER 2.0 ----
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    ---- Trace I/O - GMER 2.0 ----
    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS >>UNKNOWN [0xfffffa80024fbdd1]<< >>UNKNOWN [0xfffffa8000822064]<< intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8000822064
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8001348790] fffffa8001348790
    Trace 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800129d060] fffffa800129d060
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 Windows 7 default MBR code found via API
    Disk \Device\Harddisk0\DR0 unknown MBR code
    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    ---- EOF - GMER 2.0 ----

    ZAccess/x64
    GMER 2.0.18327 - http://www.gmer.net
    Rootkit scan 2012-12-21 20:10:17
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys
    ---- User code sections - GMER 2.0 ----
    .reloc C:\Windows\system32\services.exe [440] section is executable [0x4A8, 0xA0000020] 00000000ff532000
    ---- Threads - GMER 2.0 ----
    Thread C:\Windows\system32\services.exe [440:1080] 00000000000d1e58
    ---- EOF - GMER 2.0 [email protected]/x64

    GMER 2.0.17849 - http://www.gmer.net
    Rootkit scan 2012-12-24 15:37:02
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 TOSHIBA_MK1255GSX_H rev.FG001Q 111.79GB
    Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\uwldqpod.sys
    ---- Devices - GMER 2.0 ----
    Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8002db8e84
    Device \Driver\volmgr \Device\FtControl fffffa8002db8e84
    Device \Driver\volmgr \Device\VolMgrControl fffffa8002db8e84
    Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8002db8e84
    Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8002db8e84
    Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8002db8e84
    ---- Trace I/O - GMER 2.0 ----
    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002db6560]<< ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8002db6560
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002d94530] fffffa8002d94530
    Trace 3 CLASSPNP.SYS[fffff880018a843f] -> nt!IofCallDriver -> [0xfffffa8001e42600] fffffa8001e42600
    Trace 5 ACPI.sys[fffff88000f45781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8002863060] fffffa8002863060
    Trace \Driver\atapi[0xfffffa8001e45060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002db6560 fffffa8002db6560
    ---- Threads - GMER 2.0 ----
    Thread System [4:196] fffffa8002db8b24
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    Disk \Device\Harddisk0\DR0 suspicious partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 163840000
    ---- EOF - GMER 2.0 ----

    TDL4/[email protected] 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-21 22:34:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200BB-22KEA0 rev.08.05J08
    Running: rplt1sur.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdrpob.sys
    ---- System - GMER 1.0.15 ----
    SSDT 8A272CB8 ZwConnectPort
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA3630350]
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA3630580]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
    .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
    .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F7000C
    .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0305000A
    .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0306000A
    .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0326000A
    .text C:\WINDOWS\System32\svchost.exe[968] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 0108000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0182000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0183000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0167000C
    .text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0153000A
    .text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0154000A
    .text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0152000C
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8A78127F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A78127F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A78127F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8A78127F
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200BB-22KEA0_____________________08.05J08#5&60ba549&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- EOF - GMER 1.0.15 ----

    TDSS
    GMER 1.0.15.15121 - http://www.gmer.net
    Rootkit scan
2009-10-03 13:54:24Windows 5.1.2600 Service Pack 2---- Kernel code sections - GMER 1.0.15 ----.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74CB380]---- Devices - GMER 1.0.15 ----Device \Driver\atapi \Device\Ide\IdePort0 [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdePort1 [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdePort2 [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdePort3 [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdePort4 [F74BE9F2] atapi.sys[unknown section]Device \Driver\atapi \Device\Ide\IdePort5 [F74BE9F2] atapi.sys[unknown section]---- Processes - GMER 1.0.15 ----Library \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736] 0x10000000---- EOF - GMER 1.0.15 ----Tigger/SyzorGMER 1.0.15.14918 - http://www.gmer.netRootkit scan 2009-01-12 15:18:21Windows 5.1.2600 Dodatek Service Pack 2---- Kernel code sections - GMER 1.0.15 ----PAGEKD KDCOM.DLL!KdSendPacket F9F4D1B2 8 Bytes [FF, 35, 00, F0, 8F, 81, 9B, ...] 
{PUSH DWORD [0x818ff000]; WAIT ; RET }---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 1 Byte [55].text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 7 Bytes [55, FF, 25, 00, 00, F6, 00] {PUSH EBP; JMP [0xf60000]}.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 1 Byte [55].text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 7 Bytes [55, FF, 25, 00, 00, 1F, 01] {PUSH EBP; JMP [0x11f0000]}---- Devices - GMER 1.0.15 ----Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE F8B98880Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ F8B99E54Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ F8B99E54Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ F8B992DCDevice \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE F8B9932EDevice \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN F8B99FA0---- Threads - GMER 1.0.15 ----Thread System [4:300] F8B99EB4Thread System [4:1164] F8B99490Thread System [4:1740] F8B98988Thread System [4:1388] F8B9A022---- EOF - GMER 1.0.15 ----MBR rootkit/Mebroot/SinowalGMER 1.0.14.14536 - http://www.gmer.netRootkit scan 2008-08-24 07:50:49Windows 5.1.2600 Service Pack 3---- Disk sectors - GMER 1.0.14 ----Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected <-- ROOTKIT !!!Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c4Disk \Device\Harddisk0\DR0 sector 62: copy of MBR---- Kernel code sections - GMER 1.0.14 ----PAGE CLASSPNP.SYS!ClassInitialize + F4 F9A934B2 4 Bytes [ 7E, C8, 84, 81 ]PAGE CLASSPNP.SYS!ClassInitialize + FF F9A934BD 4 Bytes [ 28, 74, 84, 81 ]PAGE CLASSPNP.SYS!ClassInitialize + 10A F9A934C8 4 Bytes [ 90, C8, 84, 81 ]PAGE CLASSPNP.SYS!ClassInitialize + 111 F9A934CF 4 Bytes [ 84, C8, 84, 81 ]PAGE CLASSPNP.SYS!ClassInitialize + 118 F9A934D6 4 Bytes [ 8A, C8, 84, 81 ]PAGE ... 
---- User code sections - GMER 1.0.14 ----.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00D52B9A .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00D52B57 .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00D52B1B .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D5298C .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00D52A7E .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00D529C4 .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D529FC .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D52B00 ---- Devices - GMER 1.0.14 ----Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 855A1410Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 855A1410---- Threads - GMER 1.0.14 ----Thread 4:796 855BBC80Thread 4:800 855A8D80Thread 4:804 85663DC0Thread 4:808 85594E00Thread 4:2856 855BBC80Thread 4:2860 855A8D80Thread 4:2864 85663DC0Thread 4:2868 85594E00---- EOF - GMER 1.0.14 ----C:\>mbr.exe -tStealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.netdevice: opened successfullyuser: MBR read successfullycalled modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85938E90]<< kernel: MBR read successfullydetected MBR rootkit hooks:\Driver\atapi -> 0x85938e90\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8593fc20NDIS: Intel(R) 82566DM-2 Gigabit Network Connection -> SendCompleteHandler -> 0x8596e700Warning: possible MBR rootkit infection !copy of MBR has been found in sector 0x0100A757 malicious code @ sector 0x0100A75A !PE file found in sector at 0x0100A770 !MBR rootkit infection detected ! 
Use: "mbr.exe -f" to fix.RioDrvs.sysGMER 1.0.13.12482 - http://www.gmer.netRootkit scan 2007-06-15 08:55:07Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.13 ----SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwCloseSSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8] ZwCloseSSDT \WINDOWS\system32\ntkrnlpa.exe [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA] ZwDeleteKeySSDT \WINDOWS\system32\ntkrnlpa.exe [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteValueKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0] ZwDeleteValueKeySSDT \WINDOWS\system32\ntkrnlpa.exe [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwEnumerateKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2] ZwEnumerateKeySSDT \WINDOWS\system32\ntkrnlpa.exe [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwLoadDriverSSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC] ZwLoadDriverSSDT \WINDOWS\system32\ntkrnlpa.exe [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwQueryDirectoryFileSSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE] ZwQueryDirectoryFileSSDT \WINDOWS\system32\ntkrnlpa.exe [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwSaveKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4] ZwSaveKey---- Processes - GMER 1.0.13 ----Library C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x10000000 Library C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x76960000 ---- Files - GMER 1.0.13 ----File C:\WINDOWS\linkinfo.dll File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll File C:\WINDOWS\system32\drivers\RioDrvs.sys <-- ROOTKIT !!!File C:\WINDOWS\system32\linkinfo.dll ---- Services - 
GMER 1.0.13 ----Service C:\WINDOWS\system32\DRIVERS\RioDrvs.sys [AUTO] RioDrvs <-- ROOTKIT !!!---- EOF - GMER 1.0.13 ----VideoAti0.sysGMER 1.0.12.12070 - http://www.gmer.netRootkit scan 2007-02-26 15:38:06Windows 5.1.2600 Service Pack 2---- Kernel code sections - GMER 1.0.12 ----PAGE ntoskrnl.exe!ZwQueryKey + 201 8056F674 6 Bytes PUSH FC8152D4; RET ? C:\WINDOWS\system32\drivers\Ntfs.sys Access denied.---- Devices - GMER 1.0.12 ----Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE FC814E94Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL FC815084Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE FC8144ACDevice \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE FC8144AC---- Modules - GMER 1.0.12 ----Module \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** ) FC814000 ---- Files - GMER 1.0.12 ----File C:\WINDOWS\system32\drivers\VideoAti0.sys File C:\WINDOWS\system32\VideoAti0.dll File C:\WINDOWS\system32\VideoAti0.exe ---- EOF - GMER 1.0.12 ----wincom32.sysGMER 1.0.12.12012 - http://www.gmer.netRootkit scan 2007-02-04 13:46:33Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.12 ----SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!---- User code sections - GMER 1.0.12 ----.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009B083C .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009B07B6 .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009B05E4 .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009B045D .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009B0505 .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011E083C .text 
C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E07B6 .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E05E4 .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E045D .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E0505 .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E1083C .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E107B6 .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E105E4 .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E1045D .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E10505 .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A1083C .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A107B6 .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A105E4 .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A1045D .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A10505 .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D0083C .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D007B6 .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D005E4 .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D0045D .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D00505 .text C:\WINDOWS\system32\svchost.exe[808] 
ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E083C .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 008E07B6 .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E05E4 .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E045D .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008E0505 .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0196083C .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019607B6 .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019605E4 .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0196045D .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01960505 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0077083C .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007707B6 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007705E4 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0077045D .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00770505 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A4083C .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A407B6 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A405E4 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A4045D .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 
00A40505 .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DB083C .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DB07B6 .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB05E4 .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB045D .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DB0505 .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6 .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4 .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505 .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6 .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4 .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505 .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E3083C .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E307B6 .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E305E4 .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E3045D .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 
00E30505 .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6 .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4 .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505 ---- Devices - GMER 1.0.12 ----Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys---- Processes - GMER 1.0.12 ----Process C:\WINDOWS\system32\taskdir.exe (*** hidden *** ) 1248 ---- Services - GMER 1.0.12 ----Service C:\WINDOWS\system32\wincom32.sys (*** hidden *** ) [AUTO] wincom32 <-- ROOTKIT !!!---- Files - GMER 1.0.12 ----File C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf File C:\WINDOWS\system32\adir.dll File C:\WINDOWS\system32\adirss.exe File C:\WINDOWS\system32\taskdir.exe File C:\WINDOWS\system32\wincom32.ini File C:\WINDOWS\system32\wincom32.sys <-- ROOTKIT !!!File C:\WINDOWS\system32\WindowsLogon.manifest ---- EOF - GMER 1.0.12 ----lzx32GMER 1.0.11.11310 - http://www.gmer.netRootkit 2006-09-14 09:31:21Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.11 ----SYSENTER ? 
F60FDFAF---- Modules - GMER 1.0.11 ----Module (noname) (*** hidden *** ) F60F9000 ---- Threads - GMER 1.0.11 ----Thread 4:1224 F60FC08A---- Services - GMER 1.0.11 ----Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!---- Files - GMER 1.0.11 ----ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!---- EOF - GMER 1.0.11 ----Gromozon RootkitGMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-08-31 14:25:26 Windows 5.1.2600 Service Pack 2 ---- Processes - GMER 1.0.10 ---- Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!! Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!! ---- Files - GMER 1.0.10 ---- File C:\WINDOWS\mdoom1.dll File C:\WINDOWS\system32\lpt4.hzq ---- EOF - GMER 1.0.10 ---- GMER 1.0.10.10122 - http://www.gmer.net Autostart 2006-08-31 14:27:47 Windows 5.1.2600 Service Pack 2 ...HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq ...HKLM\SYSTEM\CurrentControlSet\Services\ >>> SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe" ...HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll ...---- EOF - GMER 1.0.10 ---- pe386GMER 1.0.10.10108 - http://www.gmer.netRootkit 2006-05-25 14:32:07Windows 5.1.2600 Service Pack 1---- System - GMER 1.0.10 ----SYSENTER ? 
00810005---- Devices - GMER 1.0.10 ----Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81732520Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 817310C0---- Services - GMER 1.0.10 ----Service D:\WINDOWS\System32:18467 (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!---- EOF - GMER 1.0.10 ----xdudmm.sys
    xdudtt.dllGMER 1.0.10.10108 - http://www.gmer.netRootkit 2006-05-24 00:29:02Windows 5.1.2600 ---- System - GMER 1.0.10 ----SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThreadSSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSectionSSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess---- Devices - GMER 1.0.10 ----Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys---- Processes - GMER 1.0.10 ----Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 
0x00E50000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe 
[2616] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!---- Services - GMER 1.0.10 ----Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) 
[AUTO] xdudtt <-- ROOTKIT !!!---- EOF - GMER 1.0.10 ----alco8drv.sysGMER 1.0.9.8110 - http://www.gmer.net Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.9 ---- ---- Devices - GMER 1.0.9 ---- Device \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE 83E50A11 ---- Processes - GMER 1.0.9 ---- Process synbdusx.exe (*** hidden *** ) 1848 <-- ROOTKIT !!! ---- Files - GMER 1.0.9 ---- File C:\WINDOWS\system32\drivers\alco8drv.sys File C:\WINDOWS\system32\synbdusx.exe ---- EOF - GMER 1.0.9 ----imaslip.sysGMER 1.0.9.8110 - {http://www.gmer.net}Windows 5.1.2600 Dodatek Service Pack 2---- Devices - GMER 1.0.9 ----Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390---- Processes - GMER 1.0.9 ----Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!---- Files - GMER 1.0.9 ----File C:\WINDOWS\system32\drivers\imaslip.sys File C:\WINDOWS\system32\lsacap32.exe ---- EOF - GMER 1.0.9 ----ivdmt16.sys winlow.sysGMER 1.0.9.8110 - http://www.gmer.net Windows 5.1.2600 ---- System - GMER 1.0.9 ---- SSDT a347bus.sys ZwClose SSDT a347bus.sys ZwCreateKey SSDT a347bus.sys ZwCreatePagingFile SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!! SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!! SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!! 
     
  3. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    Posted January 25th, and still no response???? I had a much better experience last time. Can someone please help me, or direct me to someone who can please. Thank you.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Sorry for delay in you getting help.

    loads of rubbish on there including at least one rootkit


    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  5. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
  6. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    ComboFix 13-02-07.02 - bipslittlegirl 02/11/2013 9:03.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1954 [GMT -5:00]
    Running from: c:\users\bipslittlegirl\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\SavingsApp
    c:\program files\SavingsApp\SavingsApp.dll
    c:\program files\SavingsApp\SavingsApp.exe
    c:\program files\SavingsApp\SavingsApp.ico
    c:\program files\SavingsApp\SavingsApp.ini
    c:\program files\SavingsApp\SavingsAppGui.exe
    c:\program files\SavingsApp\SavingsAppInstaller.log
    c:\program files\SavingsApp\Uninstall.exe
    c:\program files\Shop to Win
    c:\program files\Shop to Win\InstallNotifier.exe
    c:\program files\Shop to Win\ShopToWin.exe
    c:\program files\Shop to Win\ShopToWin.xpi
    c:\program files\Shop to Win\TestFeeds\DisableStatus.xml
    c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml
    c:\program files\Shop to Win\TestFeeds\GenericPopup.xml
    c:\program files\Shop to Win\TestFeeds\MainStatus.xml
    c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml
    c:\program files\Shop to Win\unins000.dat
    c:\program files\Shop to Win\unins000.exe
    c:\programdata\SPL5C34.tmp
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\update.exe
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
    c:\users\bipslittlegirl\Documents\ShopToWin
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-11 14:13 . 2013-02-11 14:18 -------- d-----w- c:\users\bipslittlegirl\AppData\Local\temp
    2013-02-11 14:13 . 2013-02-11 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-11 14:13 . 2013-02-11 14:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2013-02-11 11:43 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2013-02-09 02:13 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2AC48D2-1D7C-4E39-81EE-42739DAB3496}\mpengine.dll
    2013-01-25 18:23 . 2013-01-25 18:23 -------- d-----w- c:\users\bipslittlegirl\AppData\Roaming\Zeon
    2013-01-15 02:49 . 2013-01-03 18:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-10 21:29 . 2012-07-29 10:05 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-09 02:05 . 2012-10-01 15:25 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-09 02:05 . 2012-03-05 17:50 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-17 06:28 . 2010-09-27 17:25 232336 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-16 13:12 . 2012-12-22 17:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50 . 2012-12-22 17:16 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-23 01:35 . 2013-01-09 04:49 2048000 ----a-w- c:\windows\system32\win32k.sys
    2012-11-20 04:22 . 2013-01-09 04:49 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-02-10 21:29 1920688 ----a-w- c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll" [2013-02-10 1920688]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-02-27 00:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
    backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
    path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    backup=c:\windows\pss\Dell Dock.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backupExtension=.Startup
    backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
    .
    [HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentMonitor]
    2012-11-05 08:50 377800 ----a-w- c:\program files\VTech\DownloadManager\System\AgentMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-09-24 09:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2008-12-18 09:58 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
    2011-05-19 13:51 2629632 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
    2011-04-20 21:53 139264 ----a-w- c:\program files\ControlCenter4\BrCcBoot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
    2008-11-03 15:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2009-06-03 18:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-04-22 06:11 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-04-22 06:11 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2010-03-09 04:37 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2009-05-05 20:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2010-03-09 04:42 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 16:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
    2010-03-05 23:11 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
    2010-03-06 00:11 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-04-22 06:11 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
    2010-02-09 17:42 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2008-01-02 04:37 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart PC Cleaner]
    2012-08-14 20:28 80016 ----a-w- c:\program files\Smart PC Cleaner\SPCLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
    2013-02-10 21:29 1124016 ----a-w- c:\program files\AVG Secure Search\vprot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 02:05]
    .
    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 04:47]
    .
    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 04:47]
    .
    2013-02-11 c:\windows\Tasks\RegPowerClean.job
    - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-08-21 19:30]
    .
    2013-02-11 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-20 16:32]
    .
    2013-02-11 c:\windows\Tasks\RPCReminder.job
    - c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-08-21 19:34]
    .
    2013-02-11 c:\windows\Tasks\User_Feed_Synchronization-{732D4900-0690-44D5-A9B2-816DEBFC0AA1}.job
    - c:\windows\system32\msfeedssync.exe [2012-12-12 07:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com/
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
    MSConfigStartUp-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe
    MSConfigStartUp-dldtamon - c:\program files\Dell V305\dldtamon.exe
    MSConfigStartUp-dldtmon - c:\program files\Dell V305\dldtmon.exe
    MSConfigStartUp-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
    MSConfigStartUp-MyFunCardsIE_3w Browser Plugin Loader - c:\progra~1\MYFUNC~2\bar\1.bin\3wbrmon.exe
    MSConfigStartUp-Shop To Win - c:\program files\Shop To Win\ShopToWin.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-TkBellExe - f:\video folder\Update\realsched.exe
    MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    AddRemove-Audacity 1.3 Beta (Unicode)_is1 - f:\audacity 1.3 beta (unicode)\unins000.exe
    AddRemove-DefaultTab - c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    AddRemove-RealPlayer 12.0 - f:\video folder\Update\r1puninst.exe
    AddRemove-SavingsApp - c:\program files\SavingsApp\Uninstall.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    AddRemove-{833A2489-808F-45FE-8BEF-E391F599CAC0}_is1 - c:\program files\Shop To Win\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-11 09:18
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
    c:\program files\Generic\Network Printer Wizard\NPWService.exe
    c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-11 09:23:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-11 14:22
    .
    Pre-Run: 64,896,598,016 bytes free
    Post-Run: 65,052,381,184 bytes free
    .
    - - End Of File - - 721DEAECA5C2058621E983FF72485AB4
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    please run gmer again, but this time please attach the txt file to your next reply. Do not try & paste it in as it makes it unreadable
     
  8. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
  9. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit quick scan 2013-02-11 12:26:43
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O 149.05GB
    Running: jfsscwut.exe; Driver: C:\Users\BIPSLI~1\AppData\Local\Temp\pftcqpoc.sys

    ---- System - GMER 2.0 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90742D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- EOF - GMER 2.0 ----
     
  10. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    wait... it's doing another one
     
  11. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-11 13:14:20
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O 149.05GB
    Running: jfsscwut.exe; Driver: C:\Users\BIPSLI~1\AppData\Local\Temp\pftcqpoc.sys

    ---- System - GMER 2.0 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FEE7DF8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9072CA5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FEE885E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FEED2E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FEED330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FEED422]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FEED252]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FEED374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FEED29A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FEED3DC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FEE7E44]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9072CB34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FEE7AD6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FEE7E90]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FEEAD1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FEE8B02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FEED30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FEED352]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FEED446]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FEED278]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FEED3AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FEED2C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FEED400]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9072CCA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FEE89CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FEE7EDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FEE7F28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FEE7B46]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FEE7CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FEE7C92]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FEE7D5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9072CD60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FEE7F74]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9072CBE0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90742D92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!KeSetEvent + 10D 828F27D0 4 Bytes [F8, 7D, EE, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 131 828F27F4 4 Bytes [5A, CA, 72, 90] {POP EDX; RETF 0x9072}
    .text ntkrnlpa.exe!KeSetEvent + 191 828F2854 4 Bytes [5E, 88, EE, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 828F2894 8 Bytes [E4, D2, EE, 8F, 30, D3, EE, ...]
    .text ntkrnlpa.exe!KeSetEvent + 1DD 828F28A0 4 Bytes [22, D4, EE, 8F]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1D633 5 Bytes JMP 9073FC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82A76593 5 Bytes JMP 9074174C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A7FEB8 4 Bytes CALL 8FEE91B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A83B2C 4 Bytes CALL 8FEE91CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AD7E8C 7 Bytes JMP 90742D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngCreateRectRgn + 4537 98EF0470 5 Bytes JMP 8FEEB67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + FDC 98F00628 5 Bytes JMP 8FEEB70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + C20 98F09689 5 Bytes JMP 8FEEC2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 4A1 98F0A475 5 Bytes JMP 8FEEC450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 8C4B 98F12C1F 5 Bytes JMP 8FEEAD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 616 98F13B75 5 Bytes JMP 8FEEC0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 30EF 98F1F2A7 5 Bytes JMP 8FEEB536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 4561 98F20719 5 Bytes JMP 8FEEAF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 46B0 98F20868 5 Bytes JMP 8FEEB7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 4C45 98F20DFD 5 Bytes JMP 8FEEB7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A16 98F3A295 5 Bytes JMP 8FEEB384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A6A 98F3A2E9 5 Bytes JMP 8FEEB562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 377F 98F61378 5 Bytes JMP 8FEEBF8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 60DC 98F63CD5 5 Bytes JMP 8FEEAE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 4D3F 98F6A66E 5 Bytes JMP 8FEEAFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 2B44 98F74B04 5 Bytes JMP 8FEEC4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStrokePath + 5FF 98F779FC 5 Bytes JMP 8FEEAE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLpkInstalled + 1D73 98F81817 5 Bytes JMP 8FEEC07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + B990 98F91DBD 5 Bytes JMP 8FEEB724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 8C4 98F95FAF 5 Bytes JMP 8FEEC232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngNineGrid + 6F70 98F9C65B 5 Bytes JMP 8FEEC036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + B0F 98F9FDCA 5 Bytes JMP 8FEEC180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_vEnumStart + 4728 98FA76E9 5 Bytes JMP 8FEEAF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E80 98FC5C8A 2 Bytes JMP 8FEEB1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E83 98FC5C8D 2 Bytes [F2, F6]
    .text win32k.sys!CLIPOBJ_bEnum + 248 98FCB532 5 Bytes JMP 8FEEB0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 26D9 98FCF06A 5 Bytes JMP 8FEEC3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 3765 98FE7444 5 Bytes JMP 8FEEB73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + A15 98FED58D 5 Bytes JMP 8FEEB104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + D28F 98FF9E07 5 Bytes JMP 8FEEB2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + 10D00 98FFD878 5 Bytes JMP 8FEEB248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\ComboFix\catchme.sys The system cannot find the path specified. !
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[612] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\csrss.exe[620] KERNEL32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[664] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[664] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[664] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[664] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[664] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[664] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\services.exe[708] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[708] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[708] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[708] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[708] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[708] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[708] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[724] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[724] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[724] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00180600
    .text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00180804
    .text C:\Windows\system32\lsass.exe[724] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00180A08
    .text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001801F8
    .text C:\Windows\system32\lsass.exe[724] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\lsm.exe[732] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[732] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[732] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\winlogon.exe[812] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[812] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[812] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[812] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[812] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[812] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 001E0600
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 001E0804
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 001E0A08
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001E01F8
    .text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001E03FC
    .text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 001C0600
    .text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 001C0804
    .text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 001C0A08
    .text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001C01F8
    .text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001C03FC
    .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00130600
    .text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00130804
    .text C:\Windows\System32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00130A08
    .text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001301F8
    .text C:\Windows\System32\svchost.exe[1056] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001303FC
    .text C:\Windows\system32\aestsrv.exe[1092] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
    .text C:\Windows\system32\aestsrv.exe[1092] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
    .text C:\Windows\system32\aestsrv.exe[1092] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001703FC
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00170600
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00171014
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00170804
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00170A08
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\aestsrv.exe[1092] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001701F8
    .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00980600
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00980804
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00980A08
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 009801F8
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 009803FC
    .text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00800600
    .text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00800804
    .text C:\Windows\system32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00800A08
    .text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 008001F8
    .text C:\Windows\system32\svchost.exe[1132] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 008003FC
    .text C:\Windows\system32\wuauclt.exe[1208] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wuauclt.exe[1208] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000603FC
    .text C:\Windows\system32\wuauclt.exe[1208] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00070600
    .text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wuauclt.exe[1208] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000903FC
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00090600
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00091014
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00090804
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00090A08
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00090C0C
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00090E10
    .text C:\Windows\system32\wuauclt.exe[1208] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000901F8
    .text C:\Windows\system32\AUDIODG.EXE[1256] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00A80600
    .text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00A80804
    .text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00A80A08
    .text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 00A801F8
    .text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 00A803FC
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00180600
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00180804
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Dell\DellDock\DockLogin.exe[1484] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1564] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1564] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001703FC
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001803FC
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00180600
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00181014
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00180804
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00180A08
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00180C0C
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00180E10
    .text C:\Windows\System32\WLTRYSVC.EXE[1668] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001801F8
    .text C:\Windows\System32\bcmwltry.exe[1680] KERNEL32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1688] kernel32.dll!SetUnhandledExceptionFilter 7727A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1688] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\WLANExt.exe[1740] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\WLANExt.exe[1740] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\WLANExt.exe[1740] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\WLANExt.exe[1740] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\WLANExt.exe[1740] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00090600
    .text C:\Windows\system32\WLANExt.exe[1740] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00090804
    .text C:\Windows\system32\WLANExt.exe[1740] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00090A08
    .text C:\Windows\system32\WLANExt.exe[1740] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000901F8
    .text C:\Windows\system32\WLANExt.exe[1740] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000903FC
    .text C:\Windows\System32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[1784] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00120600
    .text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00120804
    .text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00120A08
    .text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001201F8
    .text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001203FC
    .text C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\svchost.exe[1816] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\svchost.exe[1816] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001003FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001703FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001803FC
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00180600
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00181014
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00180804
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00180A08
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00180C0C
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00180E10
    .text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000401F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000403FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000A03FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 000A0600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 000A1014
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 000A0804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 000A0A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 000A0C0C
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 000A0E10
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000A01F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 000B0600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 000B0804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 000B0A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000B01F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\Dwm.exe[2396] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\Dwm.exe[2396] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\Dwm.exe[2396] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[2396] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[2396] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[2396] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[2396] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[2396] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[2432] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2432] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2432] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2432] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2432] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2432] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2432] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2432] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 002403FC
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00240600
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00241014
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00240804
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00240A08
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00240C0C
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00240E10
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 002401F8
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00250600
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00250804
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00250A08
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 002501F8
    .text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 002503FC
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\svchost.exe[3012] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3012] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3012] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[3012] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00900600
    .text C:\Windows\system32\svchost.exe[3012] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00900804
    .text C:\Windows\system32\svchost.exe[3012] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00900A08
    .text C:\Windows\system32\svchost.exe[3012] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 009001F8
    .text C:\Windows\system32\svchost.exe[3012] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 009003FC
    .text C:\Windows\Explorer.exe[3040] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.exe[3040] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.exe[3040] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.exe[3040] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.exe[3040] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.exe[3040] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
    .text C:\Windows\Explorer.exe[3040] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.exe[3040] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000401F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000403FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00060600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00060A08
     
  12. bipslittlegirl

    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00070600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00070804
    .text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00070A08
    ---- User IAT/EAT - GMER 2.0 ----
    IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
    IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7377F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00F8E660
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00F8E140
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00F8D2A0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00F8EBE0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 00F8C260
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00F8BBD0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00F8BF90
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00F8D100
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00F8D7C0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00F8D550
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00F8D740
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00F8DC20
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00F8D930
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 00F8D450
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00F8D690
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00F8D240
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 00F8D0C0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 00F8E680
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00F8C110
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00F8E3A0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00F8E2C0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00F8E280
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00F8C940
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00F8BA30
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00F8D340
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00F8B9A0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00F8BC80
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00F8A730
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 00F8CC90
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 00F8E650
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 00F8E920
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 00F8E8C0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00F8EB10
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00F8EBB0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 00F8E9E0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00F8E5D0
    IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00F8E580
    IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3704] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7377F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6A6E1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6A6E007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6A6DE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6A6E0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6A6DA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6A6E1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6A6DDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6A6DD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6A6EFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6A6F051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6A6EEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6A6EF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6A6EEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A6EE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6A6EED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6A6E007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6A6DE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6A6E1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6A6E2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6A6E2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6A6DBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6A6E173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6A6DBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6A6E0F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6A6E14E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6A6DED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6A6DBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6A6E1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6A6DC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6A6E103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6A6E0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6A6E1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6A6E0921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6A6DA073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6A6DA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6A6DE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6A6E0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6A6DDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6A6DD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6A6DD361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6A6E007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6A6DC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6A6E1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6A6DBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6A6DBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6A6DE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6A6E2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6A6E2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6A6E23A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6A6DBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6A6DFAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6A6DF973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6A6EED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6A6EE43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6A6EEDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6A6EF9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6A6EE9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6A6EE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6A6EEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    ---- EOF - GMER 2.0 ----
     
  13. bipslittlegirl

    bipslittlegirl Thread Starter

    Joined:
    Nov 19, 2011
    Messages:
    43
    :):):):):):)

    Had to split it up into 2 parts, was having trouble posting entire log. Thanks!

    :eek::eek::eek::eek::eek::eek:
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    next

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan finishes, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
Short URL to this thread: https://techguy.org/1086820