
Worst virus/malware I have ever come across - help


44 replies to this topic

#1 nomis

  • Members

Posted 29 January 2012 - 02:12 PM

Hi, I would be really grateful for your help! I have an infection on my laptop which is stopping me from accessing any Microsoft sites, most virus/malware related sites and searches, etc. It also blanks out all instructions/options on downloaded software and control panel, 'internet options', etc, etc. If I try to use Google, I instantly get the 'internet explorer has stopped working' message - not the case if I search via Yahoo. I use Avast! which has up until now been reliable, but now finds nothing. The infection initially disabled Avast! and I was not able to re-start it, but managed to download it again. A boot scan has discovered nothing - neither has Spybot search and destroy, or Malwarebytes. Adaware HAS discovered something, but... I am only able to run adaware from the taskbar, if I try by any other means I get a generic message telling me that the programme has unexpectedly closed. When I get the message that something has been discovered, I am unable to look at what it has found as I get the same generic message! HELP! I use Windows 7, 3g RAM and connect to the internet via virginmedia cable.

#2 Blade81

  • Volunteer Security Advisor

Posted 29 January 2012 - 06:11 PM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 nomis

  • Members

Posted 29 January 2012 - 07:09 PM

Hi, thanks for your help. Bit of a nightmare as I can't even access this forum via the laptop that is infected - the virus/malware must recognise it! So via my desktop and a memory stick, here are the two files -


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Morris at 18:02:47 on 2012-01-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.1806 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "c:\users\morris\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271610810412
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{187348F7-B6E5-4070-B74D-DDFCE7FD48AF} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-29 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-1-26 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-25 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-25 314456]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-25 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-25 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-25 44768]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-1-1 44312]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-17 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-28 2152152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-1 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-20 1343400]
.
=============== Created Last 30 ================
.
2012-01-29 12:33:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-29 12:31:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-29 12:31:06 -------- d-----w- c:\program files\Lavasoft
2012-01-27 17:47:56 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0222c985-fe51-4516-9928-7bd0a16c0683}\mpengine.dll
2012-01-26 20:46:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-26 20:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-26 19:27:59 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-26 19:27:54 -------- d-----w- c:\program files\Panda Security
2012-01-26 18:53:23 -------- d-----w- c:\users\morris\appdata\local\ElevatedDiagnostics
2012-01-26 02:26:59 -------- d-----w- c:\windows\system32\wbem\it-IT
2012-01-26 02:26:52 -------- d-----w- c:\windows\system32\wbem\fr-FR
2012-01-26 02:26:47 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-01-26 02:25:55 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-26 02:25:55 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-01-26 02:25:55 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-26 02:25:55 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2012-01-26 02:25:55 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-26 02:25:55 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-01-26 02:25:47 18432 ----a-w- c:\windows\system32\corpol.dll
2012-01-25 19:44:50 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-25 19:44:50 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-25 19:44:43 41184 ----a-w- c:\windows\avastSS.scr
2012-01-25 19:44:36 -------- d-----w- c:\program files\AVAST Software
2012-01-25 18:32:44 -------- d-----w- c:\windows\system32\wbem\repository
2012-01-23 18:30:08 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-23 18:30:07 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 18:30:07 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 11:51:25 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-15 11:51:25 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 11:51:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 11:51:25 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 11:51:24 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 11:51:24 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-15 11:51:24 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 11:51:24 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 11:51:24 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-15 11:51:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-15 11:51:21 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 12:22:52 -------- d-----w- c:\users\morris\appdata\local\Amazon
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 10:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 05:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:04:03.85 ===============

#4 Blade81

  • Volunteer Security Advisor

Posted 29 January 2012 - 10:08 PM

Hi,

Are both laptop and your other systems connected to internet via same network device?

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded
  • Click the rootkit tab, uncheck the files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard
  • Post the log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.


#5 nomis

  • Members

Posted 29 January 2012 - 11:41 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-29 22:14:01
Windows 6.1.7601 Service Pack 1
Running: eseonjl5.exe; Driver: C:\Users\Morris\AppData\Local\Temp\pwdiypob.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91D4CFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8BB84510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91D4F456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91D4F4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91D4F5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91D4F3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x91D4F4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91D4F400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91D4F572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91D4CFE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8BB845C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91D4CDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91D4D00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91D4F9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91D4DAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91D4F486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91D4F4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91D4F5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91D4F3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91D4F53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91D4F42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91D4F59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8BB84658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91D4D96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91D4D030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91D4D054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91D4CE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91D4CF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91D4CF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91D4CF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91D4D078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8BB987A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13CD 82C3A9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C5A4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 82C61750 4 Bytes [C4, CF, D4, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C61778 4 Bytes [10, 45, B8, 8B]
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 82C6182C 8 Bytes [56, F4, D4, 91, AE, F4, D4, ...] {PUSH ESI; HLT ; AAM 0x91; SCASB ; HLT ; AAM 0x91}
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 82C61838 4 Bytes [C4, F5, D4, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 82C61854 4 Bytes [AC, F3, D4, 91]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DE740E 5 Bytes JMP 8BB9569C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82E0E916 5 Bytes JMP 8BB97174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 82E1506F 4 Bytes CALL 91D4E025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 82E51C8D 4 Bytes CALL 91D4E03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 82ED77D4 7 Bytes JMP 8BB987A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\Morris\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes [E9, 0A, 5C, F0, 89] {JMP 0xffffffff89f05c0f}
.text user32.dll!UnhookWinEvent 7640B750 5 Bytes [E9, A7, 4C, F0, 89] {JMP 0xffffffff89f04cac}
.text user32.dll!SetWindowsHookExW 7640E30C 5 Bytes [E9, F3, 24, F0, 89] {JMP 0xffffffff89f024f8}
.text user32.dll!SetWinEventHook 764124DC 5 Bytes [E9, 17, DD, EF, 89] {JMP 0xffffffff89efdd1c}
.text user32.dll!SetWindowsHookExA 76436D0C 5 Bytes [E9, EF, 98, ED, 89] {JMP 0xffffffff89ed98f4}
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\Dwm.exe[1176] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\Dwm.exe[1176] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\windows\system32\svchost.exe[1276] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00A80A08
.text C:\windows\system32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 00A803FC
.text C:\windows\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00A80804
.text C:\windows\system32\svchost.exe[1276] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 00A801F8
.text C:\windows\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00A80600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 7691F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1412] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1684] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1684] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1684] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00110A08
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001103FC
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00110804
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001101F8
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00110600
.text C:\windows\system32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1728] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00250A08
.text C:\windows\system32\svchost.exe[1728] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002503FC
.text C:\windows\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00250804
.text C:\windows\system32\svchost.exe[1728] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002501F8
.text C:\windows\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00250600
.text C:\windows\Explorer.EXE[1784] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[1784] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[1784] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\Explorer.EXE[1784] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[1784] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[1784] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[1784] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[1784] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00150600
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001403FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00140804
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001401F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00140600
.text C:\windows\system32\SearchProtocolHost.exe[1868] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000903FC
.text C:\windows\system32\SearchProtocolHost.exe[1868] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000901F8
.text C:\windows\system32\SearchProtocolHost.exe[1868] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00130A08
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001303FC
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00130804
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001301F8
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00130600
.text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000A03FC
.text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000A01F8
.text C:\windows\system32\svchost.exe[1920] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 009E0A08
.text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 009E03FC
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 009E0804
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 009E01F8
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 009E0600
.text C:\windows\system32\SearchIndexer.exe[2224] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchIndexer.exe[2224] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchIndexer.exe[2224] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00140A08
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001403FC
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00140804
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001401F8
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00140600
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00100804
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00100600
.text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[2260] KERNEL32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\windows\system32\svchost.exe[2596] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2596] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2596] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[2632] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[2632] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[2632] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[2632] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\windows\System32\svchost.exe[2632] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\windows\System32\svchost.exe[2632] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\windows\System32\svchost.exe[2632] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\windows\System32\svchost.exe[2632] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00120A08
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001203FC
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00120804
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001201F8
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00120600
.text C:\windows\system32\igfxext.exe[2968] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxext.exe[2968] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxext.exe[2968] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\igfxsrvc.exe[2996] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[2996] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[2996] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\igfxtray.exe[3048] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[3048] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[3048] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\hkcmd.exe[3056] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[3056] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[3056] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[3064] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3064] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3064] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\windows\system32\igfxsrvc.exe[3108] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[3108] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[3108] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001903FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00190804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001901F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00190600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!MessageBoxIndirectW 7645E963 1 Byte [E9]
.text C:\windows\System32\svchost.exe[3852] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[3852] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[3852] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[3852] user32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001C0A08
.text C:\windows\System32\svchost.exe[3852] user32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001C03FC
.text C:\windows\System32\svchost.exe[3852] user32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001C0804
.text C:\windows\System32\svchost.exe[3852] user32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001C01F8
.text C:\windows\System32\svchost.exe[3852] user32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001C0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3928] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00310A08
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 003103FC
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00310804
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 003101F8
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00310600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 003E0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 003E0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00160A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00160804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00160600
.text C:\windows\system32\SearchFilterHost.exe[4312] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchFilterHost.exe[4312] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchFilterHost.exe[4312] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001003FC
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00100804
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001001F8
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00100600
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000703FC
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000701F8
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00530A08
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 005303FC
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00530804
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 005301F8
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00530600
.text C:\windows\system32\AUDIODG.EXE[5192] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001703FC
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001701F8
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!GetAsyncKeyState 7640A256 5 Bytes JMP 7281DD8D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!CallNextHookEx 7640ABE1 5 Bytes JMP 72897BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!CreateWindowExW 7640EC7C 5 Bytes JMP 7289FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!GetKeyState 76412B4D 5 Bytes JMP 7281DC67 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!DefWindowProcW 7641507D 7 Bytes JMP 72897C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!MessageBoxIndirectW 7645E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] SHELL32.dll!RealDriveType + 173D 76C4FDD0 4 Bytes [CF, 01, 2C, 6E] {IRET ; ADD [ESI+EBP*2], EBP}
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] SHELL32.dll!RealDriveType + 1745 76C4FDD8 8 Bytes [E0, 61, 2B, 6E, 79, F7, 2B, ...] {LOOPNZ 0x63; SUB EBP, [ESI+0x79]; IMUL DWORD [EBX]; OUTSB }
.text C:\windows\system32\taskeng.exe[5556] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\taskeng.exe[5556] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\taskeng.exe[5556] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\windows\system32\taskhost.exe[5740] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[5740] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[5740] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetAsyncKeyState 7640A256 5 Bytes JMP 7281DD8D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CallNextHookEx 7640ABE1 5 Bytes JMP 72897BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExW 7640EC7C 5 Bytes JMP 7289FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetKeyState 76412B4D 5 Bytes JMP 7281DC67 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DefWindowProcW 7641507D 7 Bytes JMP 72897C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectW 7645E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!RealDriveType + 173D 76C4FDD0 4 Bytes [CF, 01, 2C, 6E] {IRET ; ADD [ESI+EBP*2], EBP}
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!RealDriveType + 1745 76C4FDD8 8 Bytes [E0, 61, 2B, 6E, 79, F7, 2B, ...] {LOOPNZ 0x63; SUB EBP, [ESI+0x79]; IMUL DWORD [EBX]; OUTSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E2C029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E2B5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E2C7F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E2CF500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E2CF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E2D07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E2CFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6E2B5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E2CABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E2B63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E2CB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E2B6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E2CBC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E2CC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E2C029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E2B5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E2B63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E2CC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E2CE457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E2CAA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E2CABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E2CB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E2B6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E2B5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E2CFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E2D07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E2C939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E2B63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E2C029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E2B5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E2C9229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E2BF1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6E2B5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E2C0ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E2CF2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E2CF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E2D072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E2CF9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E2D1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E2D1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E2BFA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E2D1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E2BF725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E2BFB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E2D1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E2D1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E2D12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E2D0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E2C0178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E2D1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E2D194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6E2D1233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6E2BF86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6E2BF472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6E2D27C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E2D136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E2D1284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E2D0F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E2D2769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6E2BF9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E2D2937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E2B7430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E2BF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E2BE265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E2B5D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E2D140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E2D1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E2D1F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E2C0123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E2D218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E2D1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6E2BFACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E2D19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E2BFC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E2D20D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E2D2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E2D2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E2D0F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E2B4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E2D0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E2CBC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E2CA56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E2B6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E2BF6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E2D1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E2D2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E2D2B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E2D2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E2C0178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [6E2B64C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E2B4CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E2B4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E2B4984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E2B6528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c@cc55ad072b8f 0xE1 0x19 0x89 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c@cc55ad072b8f 0xE1 0x19 0x89 0xC1 ...
---- EOF - GMER 1.0.15 ----

#6 nomis

Posted 29 January 2012 - 11:46 PM

Apologies if that last reply should have been via an attachment. With regards to your comments about 'connected to the same network device' - the desktop is not wireless and connects via the ntl supplied modem, the laptop connects via a Belkin router - does that help? The desktop does seem very slow. Thanks again.

#7 Blade81

Posted 30 January 2012 - 05:41 PM

Hi again,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

#8 nomis

Posted 30 January 2012 - 08:27 PM

Hi, Combi files attached as requested. Thanks again.


ComboFix 12-01-30.02 - Morris 30/01/2012 19:06:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.1987 [GMT 0:00]
Running from: c:\users\Morris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQJ2HADZ\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Morris\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Morris\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 12:33 . 2012-01-29 12:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-29 12:31 . 2011-10-28 19:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-29 12:31 . 2012-01-29 12:31 -------- d-----w- c:\programdata\Lavasoft
2012-01-29 12:31 . 2012-01-29 12:31 -------- d-----w- c:\program files\Lavasoft
2012-01-27 17:47 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0222C985-FE51-4516-9928-7BD0A16C0683}\mpengine.dll
2012-01-26 20:46 . 2012-01-28 12:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-26 20:46 . 2012-01-26 21:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-26 19:27 . 2009-06-30 10:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-26 19:27 . 2012-01-26 19:27 -------- d-----w- c:\program files\Panda Security
2012-01-26 18:53 . 2012-01-26 18:53 -------- d-----w- c:\users\Morris\AppData\Local\ElevatedDiagnostics
2012-01-26 02:26 . 2012-01-26 02:27 -------- d-----w- c:\windows\system32\wbem\it-IT
2012-01-26 02:26 . 2012-01-26 02:26 -------- d-----w- c:\windows\system32\wbem\fr-FR
2012-01-26 02:26 . 2012-01-26 02:26 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-01-26 02:25 . 2009-06-18 01:15 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-26 02:25 . 2009-06-18 01:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-01-26 02:25 . 2009-06-18 01:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-26 02:25 . 2009-06-18 01:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-26 02:25 . 2009-06-18 01:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2012-01-26 02:25 . 2009-04-09 05:23 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-01-26 02:25 . 2009-07-14 01:15 18432 ----a-w- c:\windows\system32\corpol.dll
2012-01-25 20:51 . 2012-01-25 20:51 -------- d-----w- c:\program files\Common Files\Java
2012-01-25 19:44 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-25 19:44 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-25 19:44 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-25 19:44 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-25 19:44 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-25 19:44 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-25 19:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-25 19:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-25 19:44 . 2012-01-25 19:44 -------- d-----w- c:\program files\AVAST Software
2012-01-25 18:32 . 2012-01-28 15:25 -------- d-----w- c:\windows\system32\wbem\repository
2012-01-23 18:30 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-23 18:30 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 18:30 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 11:51 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 11:51 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-15 11:51 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 11:51 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 11:51 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 11:51 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-15 11:51 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-15 11:51 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 11:51 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 11:51 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-15 11:51 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 12:22 . 2012-01-14 15:12 -------- d-----w- c:\users\Morris\AppData\Local\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2010-01-20 19:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 10:08 . 2010-01-01 13:56 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 15:23 . 2011-11-25 15:23 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:25 . 2011-12-21 15:06 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 05:54 . 2010-07-19 09:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:26 . 2011-12-21 15:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-21 15:07 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-21 15:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-21 15:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-21 15:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-17 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Facebook Update"="c:\users\Morris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-27 137536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-28 64512]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBD
*NewlyCreated* - PWDIYPOB
*Deregistered* - pwdiypob
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1001Core.job
- c:\users\Morris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-27 19:14]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1001UA.job
- c:\users\Morris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-27 19:14]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:33]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-30 19:14:32
ComboFix-quarantined-files.txt 2012-01-30 19:14
.
Pre-Run: 215,811,194,880 bytes free
Post-Run: 215,754,440,704 bytes free
.
- - End Of File - - F838639CF1ADB41A72DB7CC17699C086

#9 Blade81

Posted 31 January 2012 - 06:40 AM

Hi,

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0


  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A Notepad window opens; copy and paste its content (log1.txt) into your reply.


#10 nomis

Posted 31 January 2012 - 09:38 AM

Hi - hope this helps. I also have an MS DOS batch file after doing this, but am unsure of how to attach it to my reply?
Thanks.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Morris-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 96-4C-E5-56-9C-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 90-4C-E5-56-9C-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e580:9dc6:bc22:91ac%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 30 January 2012 19:20:37
Lease Expires . . . . . . . . . . : 08 March 2148 13:45:36
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 311446757
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-44-72-96-00-13-77-B9-98-51
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-24-54-3D-F2-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.Belkin:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{E366DA8A-EC55-4CAC-9A1B-0C76A4645162}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2429:1a67:aff8:302a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2429:1a67:aff8:302a%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {DE303132-9130-4EAA-B05D-05D95399FFC3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1
Name: google.com
Addresses: 209.85.229.99
209.85.229.105
209.85.229.104
209.85.229.147
209.85.229.103

Pinging google.com [209.85.229.147] with 32 bytes of data:
Reply from 209.85.229.147: bytes=32 time=24ms TTL=50
Reply from 209.85.229.147: bytes=32 time=29ms TTL=51
Ping statistics for 209.85.229.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 29ms, Average = 26ms
===========================================================================
Interface List
15...96 4c e5 56 9c 19 ......Microsoft Virtual WiFi Miniport Adapter
11...90 4c e5 56 9c 19 ......Atheros AR9285 Wireless Network Adapter
10...00 24 54 3d f2 f2 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.10 281
192.168.2.10 255.255.255.255 On-link 192.168.2.10 281
192.168.2.255 255.255.255.255 On-link 192.168.2.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.10 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:2429:1a67:aff8:302a/128
On-link
11 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2429:1a67:aff8:302a/128
On-link
11 281 fe80::e580:9dc6:bc22:91ac/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#11 Blade81

Posted 31 January 2012 - 10:06 AM

Hi,

With regards to your comments about 'connected to the same network device' - the desktop is not wireless and connects via the ntl supplied modem, the laptop connects via a belkin router

It looks like the Belkin router may need its settings set to the default state. There should be a reset button behind the router. You need to press it for some time (15-30s should cause the router lights to blink). Then see if the issues still exist.

#12 nomis

Posted 31 January 2012 - 07:00 PM

Hi, regrettably, this has not made any difference. Tried it twice, the second time I actually removed all cables before re-set, still no joy. What are the next steps please? Thanks v much.

#13 Blade81

Posted 31 January 2012 - 09:15 PM

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

#14 nomis


Posted 31 January 2012 - 10:17 PM

Hi, as soon as I try and start the scan for TDSSKiller.exe, I get the message 'TDSS rootkit removing tool has stopped working' - i.e. a similar generic message to previous ones when I try a search in Google etc. What a nightmare!! What else can we try please - are you still confident this can be fixed? Thanks.

#15 Blade81


Posted 01 February 2012 - 06:23 AM

Hi,

Download aswMBR to your desktop. Double click the aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

#16 nomis


Posted 01 February 2012 - 07:11 PM

Hi, Yep, managed to get a scan from that download - please see below. Thanks.


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 17:47:41
-----------------------------
17:47:41.269 OS Version: Windows 6.1.7601 Service Pack 1
17:47:41.269 Number of processors: 2 586 0x170A
17:47:41.269 ComputerName: MORRIS-PC UserName: Morris
17:47:42.268 Initialize success
17:47:42.346 AVAST engine defs: 12020100
17:47:57.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:47:57.010 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
17:47:57.041 Disk 0 MBR read successfully
17:47:57.041 Disk 0 MBR scan
17:47:57.041 Disk 0 unknown MBR code
17:47:57.057 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
17:47:57.072 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
17:47:57.088 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
17:47:57.119 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
17:47:57.119 Disk 0 scanning sectors +976771072
17:47:57.213 Disk 0 scanning C:\windows\system32\drivers
17:48:06.011 Service scanning
17:48:07.243 Modules scanning
17:48:17.602 Disk 0 trace - called modules:
17:48:17.633 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
17:48:17.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869ac9a8]
17:48:17.649 3 CLASSPNP.SYS[8bf6a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b63028]
17:48:18.429 AVAST engine scan C:\windows
17:48:20.659 AVAST engine scan C:\windows\system32
17:50:24.836 AVAST engine scan C:\windows\system32\drivers
17:50:35.350 AVAST engine scan C:\Users\Morris
17:59:28.325 AVAST engine scan C:\ProgramData
18:00:33.034 Scan finished successfully
18:01:28.071 Disk 0 MBR has been saved successfully to "C:\Users\Morris\Desktop\MBR.dat"
18:01:28.071 The log file has been saved successfully to "C:\Users\Morris\Desktop\aswMBR.txt"
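
An added example, not part of the original thread and not aswMBR's own code: a Python cross-check of the partition lines in the log above, confirming that the partitions are contiguous and that the "scanning sectors" start matches the end of the last partition. The field meanings (boot flag, type byte, size in MB, offset in 512-byte sectors) are inferred from the log itself, and the function names are hypothetical.

```python
import re

# Lines copied from the aswMBR log in post #16. Field meanings are inferred
# (assumption): boot flag, type byte, size in MB, offset in 512-byte sectors.
LOG = """\
17:47:57.010 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
17:47:57.041 Disk 0 unknown MBR code
17:47:57.057 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
17:47:57.072 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
17:47:57.088 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
17:47:57.119 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
17:47:57.119 Disk 0 scanning sectors +976771072
"""

SECTORS_PER_MB = 2048  # 1 MiB expressed in 512-byte sectors

PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) "
    r".*? (\d+) MB offset (\d+)$")

def parse_partitions(log):
    parts = []
    for line in log.splitlines():
        m = PART_RE.search(line)
        if m:
            start = int(m[6])
            parts.append({"index": int(m[2]), "active": m[3] == "80",
                          "type": m[4], "start": start,
                          "end": start + int(m[5]) * SECTORS_PER_MB})
    return parts

def audit(log):
    parts = sorted(parse_partitions(log), key=lambda p: p["start"])
    disk_mb = int(re.search(r"Size: (\d+)MB", log)[1])  # whole MB, so approximate
    scan_from = int(re.search(r"scanning sectors \+(\d+)", log)[1])
    gaps = [(a["index"], b["index"], b["start"] - a["end"])
            for a, b in zip(parts, parts[1:]) if b["start"] != a["end"]]
    return {
        "active": [p["index"] for p in parts if p["active"]],
        "gaps_or_overlaps": gaps,
        "last_end": parts[-1]["end"],
        "tail_scan_matches": scan_from == parts[-1]["end"],
        "unpartitioned_tail_sectors": disk_mb * SECTORS_PER_MB - parts[-1]["end"],
        "mbr_code_unrecognised": "unknown MBR code" in log,
    }

if __name__ == "__main__":
    for key, value in audit(LOG).items():
        print(f"{key}: {value}")
```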

#17 Blade81


Posted 02 February 2012 - 08:53 AM

Hi,

Could you check if you have those browser issues when plugged into the internet in the same way as your working system?

#18 nomis


Posted 02 February 2012 - 08:09 PM

Hi - I am unable to connect to the internet using the cable directly from the router - strange?! I have done a factory reset again on the router - no difference I'm afraid.

#19 Blade81


Posted 02 February 2012 - 08:14 PM

From your earlier sayings:

the desktop is not wireless and connects via the ntl supplied modem



I am unable to connect to the internet using the cable directly from the router - strange?!

By router did you mean the modem? If not, please try to connect this problematic system in the same way as the desktop.

#20 nomis


Posted 02 February 2012 - 08:22 PM

Sorry - I did mean modem!



