Laptop (XP OS) is running slow.


bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
My laptop is running very, very slow. It has an XP operating system, 16 bit. I am afraid it is about to crash on me. Can you help me please? I am attaching the asked for logs. I have to go back and run the GFER because it froze on me. Will attach that when I get it. Thanks!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:34:48 PM, on 1/25/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19393)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\WeCareReminder\ReminderHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\bipslittlegirl\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: CrossriderApp0004639 - {11111111-1111-1111-1111-110011461139} - C:\Program Files\SavingsApp\SavingsApp.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\bipslittlegirl\AppData\Roaming\Qwiklinx\Qwiklinx.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Freecause Shopping BHO - {8E51683A-EA9D-4127-AE14-A13294FF6F7C} - C:\Program Files\Shop to Win 19\Shop to Win 19.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\generic\network printer wizard\npwprint.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: NPWService - Unknown owner - C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 8279 bytes





DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393
Run by bipslittlegirl at 15:38:27 on 2013-01-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1151 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\WeCareReminder\ReminderHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: SavingsApp: {11111111-1111-1111-1111-110011461139} - c:\program files\savingsapp\SavingsApp.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\bipslittlegirl\appdata\roaming\qwiklinx\Qwiklinx.dll
BHO: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - c:\program files\surf canyon\surfcanyon.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\bipslittlegirl\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Shop to Win: {8E51683A-EA9D-4127-AE14-A13294FF6F7C} - c:\program files\shop to win 19\Shop to Win 19.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1D20983A-1401-44CA-94BD-DD6F732F8F3C} : DHCPNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
TCP: Interfaces\{FA1A6543-94A3-4816-AF93-84481A747004} : DHCPNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-8 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-8 337880]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-29 31576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-8 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-8 57688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-2-26 179712]
.
=============== Created Last 30 ================
.
2013-01-25 18:23:08 -------- d-----w- c:\users\bipslittlegirl\appdata\roaming\Zeon
2013-01-25 10:14:12 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4722dbba-516b-4a6d-ac1d-715d861eb314}\mpengine.dll
2013-01-15 02:49:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-09 04:49:54 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 04:49:18 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 04:49:16 1400832 ----a-w- c:\windows\system32\msxml6.dll
2012-12-31 20:20:05 -------- d-----w- c:\users\bipslittlegirl\appdata\local\cache
2012-12-31 20:19:17 -------- d-----w- c:\programdata\VTech
2012-12-31 20:19:17 -------- d-----w- c:\program files\VTech
.
==================== Find3M ====================
.
2013-01-20 16:32:32 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-09 02:10:27 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 02:10:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-08 16:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 15:45:54.73 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 2/26/2009 12:33:33 PM
System Uptime: 1/25/2013 4:18:46 AM (11 hours ago)
.
Motherboard: Dell Inc. | | 0DT492
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | Microprocessor | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 62.67 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.665 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
5 Card Slingo Deluxe
ABBYY FineReader 6.0 Sprint
Acrobat.com
Action Replay Code Manager
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
AVG Security Toolbar
Banctec Service Agreement
Broadcom Management Programs
Brother MFL-Pro Suite MFC-J430W
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
CWA Reminder by We-Care.com v4.1.18.3
Dam Beavers
DefaultTab
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
DELL0604
Digital Line Detect
Domino Master Gold
EDocs
Fast Search
FixCleaner
Free PDF to Word Doc Converter v1.1
Freeze.com NetAssistant
FrostWire 4.21.1
GameHouse Solitaire Challenge
Google Update Helper
GoToAssist 8.0.0.514
Heartwild(TM) Solitaire
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 7
Junk Mail filter update
Learning Lodge Navigator
Mah Jong Adventures
Mah Jong Medley
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Monopoly by Parker Brothers
Mplayer 0.6.9
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NetAssistant
NetWaiting
Network Printer Wizard
Nuance PaperPort 12
Nuance PDF Viewer Plus
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
OutlookAddinSetup
PaperPort Image Printer
Poppit! To Go
QuickSet
Qwiklinx
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SavingsApp
Scansoft PDF Professional
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shop To Win
Slingo Casino Pak
Slingo Deluxe
Slingo Quest
Slingo Quest Hawaii
Slingo Supreme
Smart PC Cleaner v3.0
The Weather Channel App
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VTech Download Agent Library
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Winferno Registry Power Cleaner
WordJong(TM) To Go
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
 

bipslittlegirl

Could never save to my desktop because it kept freezing on me. Found a log. Hope this is what you need. If not, please advise. Thank you!

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-06 20:21:33
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys
---- Kernel code sections - GMER 2.0 ----
.text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 357 fffff880010c24d9 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
.text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 397 fffff880010c2501 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
---- Devices - GMER 2.0 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS >>UNKNOWN [0xfffffa80024fbdd1]<< >>UNKNOWN [0xfffffa8000822064]<< intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8000822064
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8001348790] fffffa8001348790
Trace 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800129d060] fffffa800129d060
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 Windows 7 default MBR code found via API
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.0 ----

ZAccess/x64

GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2012-12-21 20:10:17
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys
---- User code sections - GMER 2.0 ----
.reloc C:\Windows\system32\services.exe [440] section is executable [0x4A8, 0xA0000020] 00000000ff532000
---- Threads - GMER 2.0 ----
Thread C:\Windows\system32\services.exe [440:1080] 00000000000d1e58
---- EOF - GMER 2.0 [email protected]/x64

GMER 2.0.17849 - http://www.gmer.net
Rootkit scan 2012-12-24 15:37:02
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 TOSHIBA_MK1255GSX_H rev.FG001Q 111.79GB
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\uwldqpod.sys
---- Devices - GMER 2.0 ----
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8002db8e84
Device \Driver\volmgr \Device\FtControl fffffa8002db8e84
Device \Driver\volmgr \Device\VolMgrControl fffffa8002db8e84
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8002db8e84
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8002db8e84
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8002db8e84
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002db6560]<< ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8002db6560
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002d94530] fffffa8002d94530
Trace 3 CLASSPNP.SYS[fffff880018a843f] -> nt!IofCallDriver -> [0xfffffa8001e42600] fffffa8001e42600
Trace 5 ACPI.sys[fffff88000f45781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8002863060] fffffa8002863060
Trace \Driver\atapi[0xfffffa8001e45060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002db6560 fffffa8002db6560
---- Threads - GMER 2.0 ----
Thread System [4:196] fffffa8002db8b24
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
Disk \Device\Harddisk0\DR0 suspicious partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 163840000
---- EOF - GMER 2.0 ----

TDL4/[email protected] 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-21 22:34:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200BB-22KEA0 rev.08.05J08
Running: rplt1sur.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdrpob.sys
---- System - GMER 1.0.15 ----
SSDT 8A272CB8 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA3630350]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA3630580]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F7000C
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0305000A
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0306000A
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0326000A
.text C:\WINDOWS\System32\svchost.exe[968] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 0108000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0182000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0183000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0167000C
.text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0153000A
.text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0154000A
.text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0152000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8A78127F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A78127F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A78127F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8A78127F
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200BB-22KEA0_____________________08.05J08#5&60ba549&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----

TDSS

GMER 1.0.15.15121 - http://www.gmer.net
Rootkit scan 2009-10-03 13:54:24
Windows 5.1.2600 Service Pack 2
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74CB380]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort2 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort3 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort4 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort5 [F74BE9F2] atapi.sys[unknown section]
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736] 0x10000000
---- EOF - GMER 1.0.15 ----

Tigger/Syzor

GMER 1.0.15.14918 - http://www.gmer.net
Rootkit scan 2009-01-12 15:18:21
Windows 5.1.2600 Dodatek Service Pack 2
---- Kernel code sections - GMER 1.0.15 ----
PAGEKD KDCOM.DLL!KdSendPacket F9F4D1B2 8 Bytes [FF, 35, 00, F0, 8F, 81, 9B, ...] {PUSH DWORD [0x818ff000]; WAIT ; RET }
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 1 Byte [55]
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 7 Bytes [55, FF, 25, 00, 00, F6, 00] {PUSH EBP; JMP [0xf60000]}
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 1 Byte [55]
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 7 Bytes [55, FF, 25, 00, 00, 1F, 01] {PUSH EBP; JMP [0x11f0000]}
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE F8B98880
Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ F8B99E54
Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ F8B99E54
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ F8B992DC
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE F8B9932E
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN F8B99FA0
---- Threads - GMER 1.0.15 ----
Thread System [4:300] F8B99EB4
Thread System [4:1164] F8B99490
Thread System [4:1740] F8B98988
Thread System [4:1388] F8B9A022
---- EOF - GMER 1.0.15 ----

MBR rootkit/Mebroot/Sinowal

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-24 07:50:49
Windows 5.1.2600 Service Pack 3
---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c4
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Kernel code sections - GMER 1.0.14 ----
PAGE CLASSPNP.SYS!ClassInitialize + F4 F9A934B2 4 Bytes [ 7E, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F9A934BD 4 Bytes [ 28, 74, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F9A934C8 4 Bytes [ 90, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F9A934CF 4 Bytes [ 84, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F9A934D6 4 Bytes [ 8A, C8, 84, 81 ]
PAGE ...
---- User code sections - GMER 1.0.14 ----.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00D52B9A .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00D52B57 .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00D52B1B .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D5298C .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00D52A7E .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00D529C4 .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D529FC .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D52B00 ---- Devices - GMER 1.0.14 ----Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 855A1410Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 855A1410---- Threads - GMER 1.0.14 ----Thread 4:796 855BBC80Thread 4:800 855A8D80Thread 4:804 85663DC0Thread 4:808 85594E00Thread 4:2856 855BBC80Thread 4:2860 855A8D80Thread 4:2864 85663DC0Thread 4:2868 85594E00---- EOF - GMER 1.0.14 ----C:\>mbr.exe -tStealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.netdevice: opened successfullyuser: MBR read successfullycalled modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85938E90]<< kernel: MBR read successfullydetected MBR rootkit hooks:\Driver\atapi -> 0x85938e90\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8593fc20NDIS: Intel(R) 82566DM-2 Gigabit Network Connection -> SendCompleteHandler -> 0x8596e700Warning: possible MBR rootkit infection !copy of MBR has been found in sector 0x0100A757 malicious code @ sector 0x0100A75A !PE file found in sector at 0x0100A770 !MBR rootkit infection detected ! 
Use: "mbr.exe -f" to fix.RioDrvs.sysGMER 1.0.13.12482 - http://www.gmer.netRootkit scan 2007-06-15 08:55:07Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.13 ----SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwCloseSSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8] ZwCloseSSDT \WINDOWS\system32\ntkrnlpa.exe [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA] ZwDeleteKeySSDT \WINDOWS\system32\ntkrnlpa.exe [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteValueKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0] ZwDeleteValueKeySSDT \WINDOWS\system32\ntkrnlpa.exe [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwEnumerateKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2] ZwEnumerateKeySSDT \WINDOWS\system32\ntkrnlpa.exe [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwLoadDriverSSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC] ZwLoadDriverSSDT \WINDOWS\system32\ntkrnlpa.exe [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwQueryDirectoryFileSSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE] ZwQueryDirectoryFileSSDT \WINDOWS\system32\ntkrnlpa.exe [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwSaveKeySSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4] ZwSaveKey---- Processes - GMER 1.0.13 ----Library C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x10000000 Library C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x76960000 ---- Files - GMER 1.0.13 ----File C:\WINDOWS\linkinfo.dll File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll File C:\WINDOWS\system32\drivers\RioDrvs.sys <-- ROOTKIT !!!File C:\WINDOWS\system32\linkinfo.dll ---- Services - 
GMER 1.0.13 ----Service C:\WINDOWS\system32\DRIVERS\RioDrvs.sys [AUTO] RioDrvs <-- ROOTKIT !!!---- EOF - GMER 1.0.13 ----VideoAti0.sysGMER 1.0.12.12070 - http://www.gmer.netRootkit scan 2007-02-26 15:38:06Windows 5.1.2600 Service Pack 2---- Kernel code sections - GMER 1.0.12 ----PAGE ntoskrnl.exe!ZwQueryKey + 201 8056F674 6 Bytes PUSH FC8152D4; RET ? C:\WINDOWS\system32\drivers\Ntfs.sys Access denied.---- Devices - GMER 1.0.12 ----Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE FC814E94Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL FC815084Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE FC8144ACDevice \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE FC8144AC---- Modules - GMER 1.0.12 ----Module \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** ) FC814000 ---- Files - GMER 1.0.12 ----File C:\WINDOWS\system32\drivers\VideoAti0.sys File C:\WINDOWS\system32\VideoAti0.dll File C:\WINDOWS\system32\VideoAti0.exe ---- EOF - GMER 1.0.12 ----wincom32.sysGMER 1.0.12.12012 - http://www.gmer.netRootkit scan 2007-02-04 13:46:33Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.12 ----SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!---- User code sections - GMER 1.0.12 ----.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009B083C .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009B07B6 .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009B05E4 .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009B045D .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009B0505 .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011E083C .text 
C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E07B6 .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E05E4 .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E045D .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E0505 .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E1083C .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E107B6 .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E105E4 .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E1045D .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E10505 .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A1083C .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A107B6 .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A105E4 .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A1045D .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A10505 .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D0083C .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D007B6 .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D005E4 .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D0045D .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D00505 .text C:\WINDOWS\system32\svchost.exe[808] 
ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E083C .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 008E07B6 .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E05E4 .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E045D .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008E0505 .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0196083C .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019607B6 .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019605E4 .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0196045D .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01960505 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0077083C .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007707B6 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007705E4 .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0077045D .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00770505 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A4083C .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A407B6 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A405E4 .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A4045D .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 
00A40505 .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DB083C .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DB07B6 .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB05E4 .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB045D .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DB0505 .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6 .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4 .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505 .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6 .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4 .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505 .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E3083C .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E307B6 .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E305E4 .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E3045D .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 
00E30505 .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6 .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4 .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505 ---- Devices - GMER 1.0.12 ----Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sysDevice \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys---- Processes - GMER 1.0.12 ----Process C:\WINDOWS\system32\taskdir.exe (*** hidden *** ) 1248 ---- Services - GMER 1.0.12 ----Service C:\WINDOWS\system32\wincom32.sys (*** hidden *** ) [AUTO] wincom32 <-- ROOTKIT !!!---- Files - GMER 1.0.12 ----File C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf File C:\WINDOWS\system32\adir.dll File C:\WINDOWS\system32\adirss.exe File C:\WINDOWS\system32\taskdir.exe File C:\WINDOWS\system32\wincom32.ini File C:\WINDOWS\system32\wincom32.sys <-- ROOTKIT !!!File C:\WINDOWS\system32\WindowsLogon.manifest ---- EOF - GMER 1.0.12 ----lzx32GMER 1.0.11.11310 - http://www.gmer.netRootkit 2006-09-14 09:31:21Windows 5.1.2600 Service Pack 2---- System - GMER 1.0.11 ----SYSENTER ? 
F60FDFAF---- Modules - GMER 1.0.11 ----Module (noname) (*** hidden *** ) F60F9000 ---- Threads - GMER 1.0.11 ----Thread 4:1224 F60FC08A---- Services - GMER 1.0.11 ----Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!---- Files - GMER 1.0.11 ----ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!---- EOF - GMER 1.0.11 ----Gromozon RootkitGMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-08-31 14:25:26 Windows 5.1.2600 Service Pack 2 ---- Processes - GMER 1.0.10 ---- Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!! Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!! ---- Files - GMER 1.0.10 ---- File C:\WINDOWS\mdoom1.dll File C:\WINDOWS\system32\lpt4.hzq ---- EOF - GMER 1.0.10 ---- GMER 1.0.10.10122 - http://www.gmer.net Autostart 2006-08-31 14:27:47 Windows 5.1.2600 Service Pack 2 ...HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq ...HKLM\SYSTEM\CurrentControlSet\Services\ >>> SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe" ...HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll ...---- EOF - GMER 1.0.10 ---- pe386GMER 1.0.10.10108 - http://www.gmer.netRootkit 2006-05-25 14:32:07Windows 5.1.2600 Service Pack 1---- System - GMER 1.0.10 ----SYSENTER ? 
00810005---- Devices - GMER 1.0.10 ----Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81732520Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 817310C0Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 817310C0---- Services - GMER 1.0.10 ----Service D:\WINDOWS\System32:18467 (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!---- EOF - GMER 1.0.10 ----xdudmm.sys
xdudtt.dllGMER 1.0.10.10108 - http://www.gmer.netRootkit 2006-05-24 00:29:02Windows 5.1.2600 ---- System - GMER 1.0.10 ----SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThreadSSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSectionSSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess---- Devices - GMER 1.0.10 ----Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sysDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys---- Processes - GMER 1.0.10 ----Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 
0x00E50000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe 
[2616] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!---- Services - GMER 1.0.10 ----Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) 
[AUTO] xdudtt <-- ROOTKIT !!!---- EOF - GMER 1.0.10 ----alco8drv.sysGMER 1.0.9.8110 - http://www.gmer.net Windows 5.1.2600 Dodatek Service Pack 2 ---- System - GMER 1.0.9 ---- ---- Devices - GMER 1.0.9 ---- Device \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE 83E50A11 ---- Processes - GMER 1.0.9 ---- Process synbdusx.exe (*** hidden *** ) 1848 <-- ROOTKIT !!! ---- Files - GMER 1.0.9 ---- File C:\WINDOWS\system32\drivers\alco8drv.sys File C:\WINDOWS\system32\synbdusx.exe ---- EOF - GMER 1.0.9 ----imaslip.sysGMER 1.0.9.8110 - {http://www.gmer.net}Windows 5.1.2600 Dodatek Service Pack 2---- Devices - GMER 1.0.9 ----Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sysDevice \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390---- Processes - GMER 1.0.9 ----Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!---- Files - GMER 1.0.9 ----File C:\WINDOWS\system32\drivers\imaslip.sys File C:\WINDOWS\system32\lsacap32.exe ---- EOF - GMER 1.0.9 ----ivdmt16.sys winlow.sysGMER 1.0.9.8110 - http://www.gmer.net Windows 5.1.2600 ---- System - GMER 1.0.9 ---- SSDT a347bus.sys ZwClose SSDT a347bus.sys ZwCreateKey SSDT a347bus.sys ZwCreatePagingFile SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!! SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!! SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!! 
SSDT a347bus.sys ZwEnumerateValueKey SSDT a347bus.sys ZwOpenKey SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwOpenProcess <-- ROOTKIT !!! SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQueryDirectoryFile <-- ROOTKIT !!! SSDT a347bus.sys ZwQueryKey SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQuerySystemInformation <-- ROOTKIT !!! SSDT a347bus.sys ZwQueryValueKey SSDT a347bus.sys ZwSetSystemPowerState ---- Services - GMER 1.0.9 ---- Service C:\WINDOWS\System32\Drivers\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32 <-- ROOTKIT !!! ---- Files - GMER 1.0.9 ---- File C:\!KillBox\drct16.dll File C:\System Volume Information\MountPointManagerRemoteDatabase File C:\System Volume Information\tracking.log File C:\WINDOWS\system32\cz.dll File C:\WINDOWS\system32\drct16.dll File C:\WINDOWS\system32\fltr.a3d File C:\WINDOWS\system32\hz.sys File C:\WINDOWS\system32\i.a3d File C:\WINDOWS\system32\klogini.dll File C:\WINDOWS\system32\mszx23.exe File C:\WINDOWS\system32\p2.ini File C:\WINDOWS\system32\redir.a3d File C:\WINDOWS\system32\tnfl.a3d File C:\WINDOWS\system32\vdmt16.sys <-- ROOTKIT !!! File C:\WINDOWS\system32\winlow.sys <-- ROOTKIT !!! File C:\WINDOWS\system32\wz.sys File D:\System Volume Information\tracking.log ---- Services - GMER 1.0.9 ---- Service C:\WINDOWS\System32\vdmt16.sys [SYSTEM] vdmt16 <-- ROOTKIT !!! Service C:\WINDOWS\System32\winlow.sys [AUTO] winlow <-- ROOTKIT !!! ---- EOF - GMER 1.0.9 ----drmpdate.sysGMER 1.0.9.8110 - http://www.gmer.netWindows 5.1.2600 Dodatek Service Pack. 
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
Posted January 25th, and still no response???? I had a much better experience last time. Can someone please help me, or direct me to someone who can please. Thank you.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Sorry for the delay in you getting help.

loads of rubbish on there including at least one rootkit


Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
ComboFix 13-02-07.02 - bipslittlegirl 02/11/2013 9:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1954 [GMT -5:00]
Running from: c:\users\bipslittlegirl\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SavingsApp
c:\program files\SavingsApp\SavingsApp.dll
c:\program files\SavingsApp\SavingsApp.exe
c:\program files\SavingsApp\SavingsApp.ico
c:\program files\SavingsApp\SavingsApp.ini
c:\program files\SavingsApp\SavingsAppGui.exe
c:\program files\SavingsApp\SavingsAppInstaller.log
c:\program files\SavingsApp\Uninstall.exe
c:\program files\Shop to Win
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\ShopToWin.exe
c:\program files\Shop to Win\ShopToWin.xpi
c:\program files\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files\Shop to Win\TestFeeds\MainStatus.xml
c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files\Shop to Win\unins000.dat
c:\program files\Shop to Win\unins000.exe
c:\programdata\SPL5C34.tmp
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\users\bipslittlegirl\Documents\ShopToWin
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 14:13 . 2013-02-11 14:18 -------- d-----w- c:\users\bipslittlegirl\AppData\Local\temp
2013-02-11 14:13 . 2013-02-11 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-11 14:13 . 2013-02-11 14:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-11 11:43 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-02-09 02:13 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2AC48D2-1D7C-4E39-81EE-42739DAB3496}\mpengine.dll
2013-01-25 18:23 . 2013-01-25 18:23 -------- d-----w- c:\users\bipslittlegirl\AppData\Roaming\Zeon
2013-01-15 02:49 . 2013-01-03 18:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 21:29 . 2012-07-29 10:05 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-09 02:05 . 2012-10-01 15:25 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 02:05 . 2012-03-05 17:50 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 06:28 . 2010-09-27 17:25 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-22 17:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 17:16 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-23 01:35 . 2013-01-09 04:49 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 04:49 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-10 21:29 1920688 ----a-w- c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll" [2013-02-10 1920688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-27 00:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backupExtension=.Startup
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
.
[HKLM\~\startupfolder\C:^Users^bipslittlegirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\users\bipslittlegirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentMonitor]
2012-11-05 08:50 377800 ----a-w- c:\program files\VTech\DownloadManager\System\AgentMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-24 09:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-18 09:58 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2011-05-19 13:51 2629632 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-04-20 21:53 139264 ----a-w- c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 15:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 18:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-22 06:11 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-22 06:11 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-09 04:37 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 20:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-09 04:42 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 16:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-05 23:11 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 00:11 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-22 06:11 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2010-02-09 17:42 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2008-01-02 04:37 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart PC Cleaner]
2012-08-14 20:28 80016 ----a-w- c:\program files\Smart PC Cleaner\SPCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-02-10 21:29 1124016 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-01 02:05]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 04:47]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-16 04:47]
.
2013-02-11 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2012-08-21 19:30]
.
2013-02-11 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files\AVG Secure Search\PostInstall\ROC.exe [2013-01-20 16:32]
.
2013-02-11 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2012-08-21 19:34]
.
2013-02-11 c:\windows\Tasks\User_Feed_Synchronization-{732D4900-0690-44D5-A9B2-816DEBFC0AA1}.job
- c:\windows\system32\msfeedssync.exe [2012-12-12 07:12]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
MSConfigStartUp-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe
MSConfigStartUp-dldtamon - c:\program files\Dell V305\dldtamon.exe
MSConfigStartUp-dldtmon - c:\program files\Dell V305\dldtmon.exe
MSConfigStartUp-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
MSConfigStartUp-MyFunCardsIE_3w Browser Plugin Loader - c:\progra~1\MYFUNC~2\bar\1.bin\3wbrmon.exe
MSConfigStartUp-Shop To Win - c:\program files\Shop To Win\ShopToWin.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - f:\video folder\Update\realsched.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - f:\audacity 1.3 beta (unicode)\unins000.exe
AddRemove-DefaultTab - c:\users\bipslittlegirl\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-RealPlayer 12.0 - f:\video folder\Update\r1puninst.exe
AddRemove-SavingsApp - c:\program files\SavingsApp\Uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{833A2489-808F-45FE-8BEF-E391F599CAC0}_is1 - c:\program files\Shop To Win\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 09:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
c:\program files\Generic\Network Printer Wizard\NPWService.exe
c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-02-11 09:23:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-11 14:22
.
Pre-Run: 64,896,598,016 bytes free
Post-Run: 65,052,381,184 bytes free
.
- - End Of File - - 721DEAECA5C2058621E983FF72485AB4
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
please run gmer again, but this time please attach the txt file to your next reply. Do not try & paste it in as it makes it unreadable
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
GMER 2.0.18454 - http://www.gmer.net
Rootkit quick scan 2013-02-11 12:26:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O 149.05GB
Running: jfsscwut.exe; Driver: C:\Users\BIPSLI~1\AppData\Local\Temp\pftcqpoc.sys

---- System - GMER 2.0 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90742D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- EOF - GMER 2.0 ----
 

bipslittlegirl

Thread Starter
Joined
Nov 19, 2011
Messages
43
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-02-11 13:14:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O 149.05GB
Running: jfsscwut.exe; Driver: C:\Users\BIPSLI~1\AppData\Local\Temp\pftcqpoc.sys

---- System - GMER 2.0 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FEE7DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9072CA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FEE885E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FEED2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FEED330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FEED422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FEED252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FEED374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FEED29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FEED3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FEE7E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9072CB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FEE7AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FEE7E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FEEAD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FEE8B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FEED30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FEED352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FEED446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FEED278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FEED3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FEED2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FEED400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9072CCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FEE89CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FEE7EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FEE7F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FEE7B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FEE7CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FEE7C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FEE7D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9072CD60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FEE7F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9072CBE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90742D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 828F27D0 4 Bytes [F8, 7D, EE, 8F]
.text ntkrnlpa.exe!KeSetEvent + 131 828F27F4 4 Bytes [5A, CA, 72, 90] {POP EDX; RETF 0x9072}
.text ntkrnlpa.exe!KeSetEvent + 191 828F2854 4 Bytes [5E, 88, EE, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828F2894 8 Bytes [E4, D2, EE, 8F, 30, D3, EE, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828F28A0 4 Bytes [22, D4, EE, 8F]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1D633 5 Bytes JMP 9073FC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A76593 5 Bytes JMP 9074174C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A7FEB8 4 Bytes CALL 8FEE91B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 2.0 ----
.text C:\Windows\System32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1784] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00120600
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00120804
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00120A08
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001201F8
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001203FC
.text C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1816] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001003FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001703FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001803FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00180600
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00181014
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00180804
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00180A08
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00180C0C
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00180E10
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[2172] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 000A0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 000A1014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 000A0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 000A0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 000A0C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 000A0E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2308] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[2396] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[2396] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[2396] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[2396] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[2396] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[2396] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2396] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2396] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2396] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2432] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2432] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2432] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2432] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2432] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2432] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2432] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2432] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2432] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 002403FC
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00240600
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00241014
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00240804
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00240A08
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00240C0C
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00240E10
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 002401F8
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00250600
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00250804
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00250A08
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 002501F8
.text C:\Program Files\Generic\Network Printer Wizard\NPWService.exe[2948] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 002503FC
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001501F8
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001503FC
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00180600
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe[2992] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[3012] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3012] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[3012] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00900600
.text C:\Windows\system32\svchost.exe[3012] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00900804
.text C:\Windows\system32\svchost.exe[3012] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00900A08
.text C:\Windows\system32\svchost.exe[3012] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 009001F8
.text C:\Windows\system32\svchost.exe[3012] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 009003FC
.text C:\Windows\Explorer.exe[3040] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.exe[3040] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.exe[3040] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.exe[3040] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.exe[3040] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.exe[3040] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.exe[3040] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.exe[3040] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.exe[3040] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00060600
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00061014
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00060804
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00060A08
 

bipslittlegirl

.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00060C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00060E10
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00070600
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00070804
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00070A08
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!CreateWindowExW 76411305 5 Bytes JMP 6C6FDAFC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxParamW 764310B0 5 Bytes JMP 6C62550D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxIndirectParamW 76432EF5 5 Bytes JMP 6C7F725F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxParamA 76448152 5 Bytes JMP 6C7F71FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!DialogBoxIndirectParamA 7644847D 5 Bytes JMP 6C7F72C2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxIndirectA 7645D4D9 5 Bytes JMP 6C7F7191 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxIndirectW 7645D5D3 5 Bytes JMP 6C7F7126 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxExA 7645D639 5 Bytes JMP 6C7F70C4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3076] USER32.dll!MessageBoxExW 7645D65D 5 Bytes JMP 6C7F7062 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\STacSV.exe[3084] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 001401F8
.text C:\Windows\system32\STacSV.exe[3084] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 001403FC
.text C:\Windows\system32\STacSV.exe[3084] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 00160600
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 00161014
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\STacSV.exe[3084] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\STacSV.exe[3084] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
.text C:\Windows\system32\STacSV.exe[3084] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
.text C:\Windows\system32\STacSV.exe[3084] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\STacSV.exe[3084] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\STacSV.exe[3084] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[3096] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[3096] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!CreateServiceW 76379EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!DeleteService 7637A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 763B6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 763B6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 763B6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 763B7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 763B71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!CreateServiceA 763B72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[3096] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00970600
.text C:\Windows\system32\svchost.exe[3096] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00970804
.text C:\Windows\system32\svchost.exe[3096] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00970A08
.text C:\Windows\system32\svchost.exe[3096] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 009701F8
.text C:\Windows\system32\svchost.exe[3096] USER32.dll!UnhookWinEvent 7640C06F 5 Bytes JMP 009703FC
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] ntdll.dll!LdrLoadDll 77899378 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] ntdll.dll!LdrUnloadDll 778AB680 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] kernel32.dll!GetBinaryTypeW + 70 772A2447 1 Byte [62]
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] USER32.dll!SetWindowsHookExA 76406322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe[3160] USER32.dll!SetWinEventHook 76409F3A 5 Bytes JMP 001701F8
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6A6DA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6A6E1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6A6DDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6A6DD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6A6EFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6A6F051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6A6EEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6A6EF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6A6EEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A6EE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6A6EED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6A6E007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6A6DE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6A6E1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6A6E2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6A6E2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6A6DBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6A6E173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6A6DBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6A6E0F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6A6E14E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6A6DED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6A6DBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6A6E1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6A6DC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6A6E103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6A6E0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6A6E1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6A6E0921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6A6DA073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6A6DA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6A6DE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6A6DFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6A6E0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6A6DDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6A6DD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6A6DD361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6A6DEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6A6E007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6A6DC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6A6DE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6A6E1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6A6DBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6A6DBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6A6DE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6A6E2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6A6E2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6A6E23A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6A6DBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6A6DFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6A6D82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6A6DFAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6A6DF973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6A6EED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6A6EE43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6A6EEDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6A6EF9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6A6EE9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6A6EE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6A6EEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6A6F020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6A6EF4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6A6EEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6A6EFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6A6EF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6A6F051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6A6EFF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6A6F0085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6A6F0395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6A6EFDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6A6EF677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6A6DCFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6A6E2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6A6E0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6A6DD22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6A6DD9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6A6DDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6A6DEB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6A6E1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6A6DE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6A6DCAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6A6E007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6A6DA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6A6E0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6A6E3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6A6E3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6A6DC709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6A6DBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6A6E1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6A6DCD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6A6DD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5832] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6A6E1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
---- EOF - GMER 2.0 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
next

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan finishes, a Notepad window will open.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
 