nomis

Worst virus/malware I have ever come across - help

45 posts in this topic

Hi, I would be really grateful for your help! I have an infection on my laptop which is stopping me from accessing any Microsoft sites, most virus/malware related sites and searches, etc. It also blanks out all instructions/options on downloaded software and control panel, 'internet options', etc, etc. If I try to use Google, I instantly get the 'internet explorer has stopped working' message - not the case if I search via Yahoo. I use Avast! which has up until now been reliable, but now finds nothing. The infection initially disabled Avast! and I was not able to re-start it, but managed to download it again. A boot scan has discovered nothing - neither has Spybot search and destroy, or Malwarebytes. Adaware HAS discovered something, but... I am only able to run adaware from the taskbar; if I try by any other means I get a generic message telling me that the programme has unexpectedly closed. When I get the message that something has been discovered, I am unable to look at what it has found as I get the same generic message! HELP! I use Windows 7, 3g RAM and connect to the internet via virginmedia cable.

Hi,

Download DDS and save it to your desktop from here: http://download.bleepingcomputer.com/sUBs/dds.com or here: http://download.bleepingcomputer.com/sUBs/dds.scr or here: http://www.forospyware.com/sUBs/dds
Disable any script blocker, and then double-click the dds file to run the tool.

    • When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.

Hi, thanks for your help. Bit of a nightmare as I can't even access this forum via the laptop that is infected - the virus/malware must recognise it! So via my desktop and a memory stick, here are the two files -


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Morris at 18:02:47 on 2012-01-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.1806 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "c:\users\morris\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271610810412
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{187348F7-B6E5-4070-B74D-DDFCE7FD48AF} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-29 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-1-26 28552]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-25 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-25 314456]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-25 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-25 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-25 44768]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-1-1 44312]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-17 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-28 2152152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-1 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-20 1343400]
.
=============== Created Last 30 ================
.
2012-01-29 12:33:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-29 12:31:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-29 12:31:06 -------- d-----w- c:\program files\Lavasoft
2012-01-27 17:47:56 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0222c985-fe51-4516-9928-7bd0a16c0683}\mpengine.dll
2012-01-26 20:46:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-26 20:46:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-26 19:27:59 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-26 19:27:54 -------- d-----w- c:\program files\Panda Security
2012-01-26 18:53:23 -------- d-----w- c:\users\morris\appdata\local\ElevatedDiagnostics
2012-01-26 02:26:59 -------- d-----w- c:\windows\system32\wbem\it-IT
2012-01-26 02:26:52 -------- d-----w- c:\windows\system32\wbem\fr-FR
2012-01-26 02:26:47 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-01-26 02:25:55 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-26 02:25:55 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-01-26 02:25:55 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-26 02:25:55 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2012-01-26 02:25:55 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-26 02:25:55 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-01-26 02:25:47 18432 ----a-w- c:\windows\system32\corpol.dll
2012-01-25 19:44:50 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-25 19:44:50 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-25 19:44:43 41184 ----a-w- c:\windows\avastSS.scr
2012-01-25 19:44:36 -------- d-----w- c:\program files\AVAST Software
2012-01-25 18:32:44 -------- d-----w- c:\windows\system32\wbem\repository
2012-01-23 18:30:08 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-23 18:30:07 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 18:30:07 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 11:51:25 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-15 11:51:25 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 11:51:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 11:51:25 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 11:51:24 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 11:51:24 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-15 11:51:24 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 11:51:24 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 11:51:24 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-15 11:51:23 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-15 11:51:21 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 12:22:52 -------- d-----w- c:\users\morris\appdata\local\Amazon
.
==================== Find3M ====================
.
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 10:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 05:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:04:03.85 ===============

Hi,

Are both the laptop and your other systems connected to the internet via the same network device?

Download GMER from http://www.gmer.net by clicking the "download exe" button and then saving it to your desktop:

    • Double-click the .exe that you downloaded.
    • Click the rootkit tab, uncheck the files option and then click scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-29 22:14:01
Windows 6.1.7601 Service Pack 1
Running: eseonjl5.exe; Driver: C:\Users\Morris\AppData\Local\Temp\pwdiypob.sys

.text C:\windows\system32\svchost.exe[1276] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1276] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00A80A08
.text C:\windows\system32\svchost.exe[1276] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 00A803FC
.text C:\windows\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00A80804
.text C:\windows\system32\svchost.exe[1276] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 00A801F8
.text C:\windows\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00A80600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 7691F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1412] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1684] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1684] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1684] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00110A08
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001103FC
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00110804
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001101F8
.text C:\windows\System32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00110600
.text C:\windows\system32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1728] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00250A08
.text C:\windows\system32\svchost.exe[1728] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002503FC
.text C:\windows\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00250804
.text C:\windows\system32\svchost.exe[1728] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002501F8
.text C:\windows\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00250600
.text C:\windows\Explorer.EXE[1784] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[1784] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[1784] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\Explorer.EXE[1784] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[1784] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[1784] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[1784] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[1784] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00150600
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001403FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00140804
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001401F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1860] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00140600
.text C:\windows\system32\SearchProtocolHost.exe[1868] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000903FC
.text C:\windows\system32\SearchProtocolHost.exe[1868] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000901F8
.text C:\windows\system32\SearchProtocolHost.exe[1868] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00130A08
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001303FC
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00130804
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001301F8
.text C:\windows\system32\SearchProtocolHost.exe[1868] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00130600
.text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000A03FC
.text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000A01F8
.text C:\windows\system32\svchost.exe[1920] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 009E0A08
.text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 009E03FC
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 009E0804
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 009E01F8
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 009E0600
.text C:\windows\system32\SearchIndexer.exe[2224] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchIndexer.exe[2224] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchIndexer.exe[2224] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00140A08
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001403FC
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00140804
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001401F8
.text C:\windows\system32\SearchIndexer.exe[2224] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00140600
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00100804
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Live\Contacts\wlcomm.exe[2244] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00100600
.text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[2260] KERNEL32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2356] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2364] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[2488] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[2544] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2564] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\windows\system32\svchost.exe[2596] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2596] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2596] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[2632] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[2632] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[2632] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[2632] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\windows\System32\svchost.exe[2632] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\windows\System32\svchost.exe[2632] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\windows\System32\svchost.exe[2632] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\windows\System32\svchost.exe[2632] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00120A08
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001203FC
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00120804
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001201F8
.text C:\Program Files\Windows Live\Mail\wlmail.exe[2836] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00120600
.text C:\windows\system32\igfxext.exe[2968] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxext.exe[2968] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxext.exe[2968] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\igfxext.exe[2968] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\igfxsrvc.exe[2996] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[2996] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[2996] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\igfxsrvc.exe[2996] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\igfxtray.exe[3048] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[3048] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[3048] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxtray.exe[3048] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\hkcmd.exe[3056] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[3056] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[3056] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[3056] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[3064] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3064] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3064] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[3064] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\windows\system32\igfxsrvc.exe[3108] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[3108] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[3108] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\windows\system32\igfxsrvc.exe[3108] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001903FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00190804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001901F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3284] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00190600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3524] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3600] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[3760] USER32.dll!MessageBoxIndirectW 7645E963 1 Byte [E9]
.text C:\windows\System32\svchost.exe[3852] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[3852] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[3852] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[3852] user32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001C0A08
.text C:\windows\System32\svchost.exe[3852] user32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001C03FC
.text C:\windows\System32\svchost.exe[3852] user32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001C0804
.text C:\windows\System32\svchost.exe[3852] user32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001C01F8
.text C:\windows\System32\svchost.exe[3852] user32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001C0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001801F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3872] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00180600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3928] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00310A08
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 003103FC
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00310804
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 003101F8
.text C:\Users\Morris\Downloads\eseonjl5.exe[3936] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00310600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4004] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 003E0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4044] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 003E0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00160A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00160804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4060] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00160600
.text C:\windows\system32\SearchFilterHost.exe[4312] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchFilterHost.exe[4312] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchFilterHost.exe[4312] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001003FC
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00100804
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001001F8
.text C:\windows\system32\SearchFilterHost.exe[4312] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00100600
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000703FC
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000701F8
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00530A08
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 005303FC
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00530804
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 005301F8
.text C:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe[4904] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00530600
.text C:\windows\system32\AUDIODG.EXE[5192] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 001703FC
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 001701F8
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE[5340] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!GetAsyncKeyState 7640A256 5 Bytes JMP 7281DD8D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!CallNextHookEx 7640ABE1 5 Bytes JMP 72897BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!CreateWindowExW 7640EC7C 5 Bytes JMP 7289FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!GetKeyState 76412B4D 5 Bytes JMP 7281DC67 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!DefWindowProcW 7641507D 7 Bytes JMP 72897C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] USER32.dll!MessageBoxIndirectW 7645E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] SHELL32.dll!RealDriveType + 173D 76C4FDD0 4 Bytes [CF, 01, 2C, 6E] {IRET ; ADD [ESI+EBP*2], EBP}
.text C:\Program Files\Internet Explorer\iexplore.exe[5420] SHELL32.dll!RealDriveType + 1745 76C4FDD8 8 Bytes [E0, 61, 2B, 6E, 79, F7, 2B, ...] {LOOPNZ 0x63; SUB EBP, [ESI+0x79]; IMUL DWORD [EBX]; OUTSB }
.text C:\windows\system32\taskeng.exe[5556] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\taskeng.exe[5556] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000601F8
.text C:\windows\system32\taskeng.exe[5556] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\taskeng.exe[5556] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\windows\system32\taskhost.exe[5740] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[5740] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[5740] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[5740] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] ntdll.dll!LdrUnloadDll 77B9C86E 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] ntdll.dll!LdrLoadDll 77BA223E 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] kernel32.dll!GetBinaryTypeW + 70 769369F4 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetAsyncKeyState 7640A256 5 Bytes JMP 7281DD8D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CallNextHookEx 7640ABE1 5 Bytes JMP 72897BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExW 7640EC7C 5 Bytes JMP 7289FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetKeyState 76412B4D 5 Bytes JMP 7281DC67 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DefWindowProcW 7641507D 7 Bytes JMP 72897C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectW 7645E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!RealDriveType + 173D 76C4FDD0 4 Bytes [CF, 01, 2C, 6E] {IRET ; ADD [ESI+EBP*2], EBP}
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!RealDriveType + 1745 76C4FDD8 8 Bytes [E0, 61, 2B, 6E, 79, F7, 2B, ...] {LOOPNZ 0x63; SUB EBP, [ESI+0x79]; IMUL DWORD [EBX]; OUTSB }
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E2C029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E2B5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E2C7F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E2CF500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E2CF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E2D07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E2CFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6E2B5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E2CABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E2B63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E2CB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E2B6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E2CBC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E2CC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E2C029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E2B5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E2B63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E2CC811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E2CE457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E2CAA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E2CABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E2CB56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E2B6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E2B5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E2CFCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E2D07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E2C939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E2B63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E2C029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E2B5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E2C9229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E2BF1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6E2B5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E2C0ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E2CF2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E2CF94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E2D072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E2CF9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E2D1542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E2D1C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E2BFA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E2D1191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E2BF725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E2BFB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E2D1095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E2D1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E2D12D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E2D0DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E2C0178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E2D1B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E2D194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6E2D1233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6E2BF86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6E2BF472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6E2D27C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E2D136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E2D1284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E2D0F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E2D2769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6E2BF9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E2D2937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E2B7430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E2BF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E2BE265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E2B5D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E2D140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E2D1590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E2D1F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E2C0123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E2D218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E2D1BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6E2BFACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E2D19EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E2BFC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E2D20D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E2D2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E2D2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E2D0F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E2B4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E2D0D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5420] @ C:\windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E2BFA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E2CBC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E2CA56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E2B4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E2B6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E2BF6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E2D1F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E2D2028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E2D2B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E2D2B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E2C0178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [6E2B64C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E2B4CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E2B4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E2B4984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E2B6528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6100] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E2B47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xE1 0x19 0x89 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xE1 0x19 0x89 0xC1 ...
---- EOF - GMER 1.0.15 ----

Apologies if that last reply should have been via an attachment. With regards to your comments about 'connected to the same network device' - the desktop is not wireless and connects via the ntl supplied modem, the laptop connects via a Belkin router - does that help? The desktop does seem very slow. Thanks again.

Hi again,


Please visit this webpage for download links, and instructions for running ComboFix tool:

[url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url]

[COLOR=Blue]Please ensure you read this guide carefully first.[/COLOR]

Please continue as follows:

[LIST=1]
[*][b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix[/b], [url=http://www.bleepingcomputer.com/forums/topic114351.html]link[/url]
Remember to re-enable them afterwards.


[*]Click [B]Yes[/B] to allow ComboFix to continue scanning for malware.
[/LIST]

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

[B]C:\ComboFix.txt
New dds log.[/B]

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/B][/COLOR]

Hi, Combi files attached as requested. Thanks again.


ComboFix 12-01-30.02 - Morris 30/01/2012 19:06:13.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3033.1987 [GMT 0:00]
Running from: c:\users\Morris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQJ2HADZ\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Morris\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Morris\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 12:33 . 2012-01-29 12:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-29 12:31 . 2011-10-28 19:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-29 12:31 . 2012-01-29 12:31 -------- d-----w- c:\programdata\Lavasoft
2012-01-29 12:31 . 2012-01-29 12:31 -------- d-----w- c:\program files\Lavasoft
2012-01-27 17:47 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0222C985-FE51-4516-9928-7BD0A16C0683}\mpengine.dll
2012-01-26 20:46 . 2012-01-28 12:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-26 20:46 . 2012-01-26 21:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-26 19:27 . 2009-06-30 10:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-26 19:27 . 2012-01-26 19:27 -------- d-----w- c:\program files\Panda Security
2012-01-26 18:53 . 2012-01-26 18:53 -------- d-----w- c:\users\Morris\AppData\Local\ElevatedDiagnostics
2012-01-26 02:26 . 2012-01-26 02:27 -------- d-----w- c:\windows\system32\wbem\it-IT
2012-01-26 02:26 . 2012-01-26 02:26 -------- d-----w- c:\windows\system32\wbem\fr-FR
2012-01-26 02:26 . 2012-01-26 02:26 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-01-26 02:25 . 2009-06-18 01:15 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-26 02:25 . 2009-06-18 01:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2012-01-26 02:25 . 2009-06-18 01:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-26 02:25 . 2009-06-18 01:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-26 02:25 . 2009-06-18 01:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2012-01-26 02:25 . 2009-04-09 05:23 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2012-01-26 02:25 . 2009-07-14 01:15 18432 ----a-w- c:\windows\system32\corpol.dll
2012-01-25 20:51 . 2012-01-25 20:51 -------- d-----w- c:\program files\Common Files\Java
2012-01-25 19:44 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-25 19:44 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-25 19:44 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-25 19:44 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-25 19:44 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-25 19:44 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-25 19:44 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-25 19:44 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-25 19:44 . 2012-01-25 19:44 -------- d-----w- c:\program files\AVAST Software
2012-01-25 18:32 . 2012-01-28 15:25 -------- d-----w- c:\windows\system32\wbem\repository
2012-01-23 18:30 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-23 18:30 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-23 18:30 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 11:51 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-15 11:51 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-15 11:51 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 11:51 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 11:51 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 11:51 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-15 11:51 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-15 11:51 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 11:51 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 11:51 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-15 11:51 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 12:22 . 2012-01-14 15:12 -------- d-----w- c:\users\Morris\AppData\Local\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 15:24 . 2010-01-20 19:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 10:08 . 2010-01-01 13:56 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 15:23 . 2011-11-25 15:23 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:25 . 2011-12-21 15:06 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 05:54 . 2010-07-19 09:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-05 04:26 . 2011-12-21 15:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-21 15:07 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-21 15:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-21 15:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-21 15:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-17 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Facebook Update"="c:\users\Morris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-27 137536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-28 64512]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBD
*NewlyCreated* - PWDIYPOB
*Deregistered* - pwdiypob
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1001Core.job
- c:\users\Morris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-27 19:14]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1001UA.job
- c:\users\Morris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-27 19:14]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:33]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 14:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-30 19:14:32
ComboFix-quarantined-files.txt 2012-01-30 19:14
.
Pre-Run: 215,811,194,880 bytes free
Post-Run: 215,754,440,704 bytes free
.
- - End Of File - - F838639CF1ADB41A72DB7CC17699C086

Hi,

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

[quote]
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0
[/quote]

[list]
[*]Go to the [b]File[/b] menu at the top of the Notepad and select [b]Save as[/b].
[*]Select save in: desktop
[*]Fill in File name: test.bat
[*]Save as type: All file types (*.*)
[*]Click [b]save[/b].
[*]Close the Notepad.
[*]Locate and double-click test.bat on the desktop.
[*]A Notepad window opens; copy and paste its content (log1.txt) into your reply.[/list]

Hi - hope this helps. I also have an MS DOS batch file after doing this, but am unsure of how to attach it to my reply?
Thanks.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Morris-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 96-4C-E5-56-9C-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 90-4C-E5-56-9C-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e580:9dc6:bc22:91ac%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 30 January 2012 19:20:37
Lease Expires . . . . . . . . . . : 08 March 2148 13:45:36
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 311446757
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-44-72-96-00-13-77-B9-98-51
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-24-54-3D-F2-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.Belkin:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{E366DA8A-EC55-4CAC-9A1B-0C76A4645162}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2429:1a67:aff8:302a(Preferred)
Link-local IPv6 Address . . . . . : fe80::2429:1a67:aff8:302a%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Reusable ISATAP Interface {DE303132-9130-4EAA-B05D-05D95399FFC3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1
Name: google.com
Addresses: 209.85.229.99
209.85.229.105
209.85.229.104
209.85.229.147
209.85.229.103

Pinging google.com [209.85.229.147] with 32 bytes of data:
Reply from 209.85.229.147: bytes=32 time=24ms TTL=50
Reply from 209.85.229.147: bytes=32 time=29ms TTL=51
Ping statistics for 209.85.229.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 29ms, Average = 26ms
===========================================================================
Interface List
15...96 4c e5 56 9c 19 ......Microsoft Virtual WiFi Miniport Adapter
11...90 4c e5 56 9c 19 ......Atheros AR9285 Wireless Network Adapter
10...00 24 54 3d f2 f2 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.10 281
192.168.2.10 255.255.255.255 On-link 192.168.2.10 281
192.168.2.255 255.255.255.255 On-link 192.168.2.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.10 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:2429:1a67:aff8:302a/128
On-link
11 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2429:1a67:aff8:302a/128
On-link
11 281 fe80::e580:9dc6:bc22:91ac/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

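One way to triage the Log1.txt that test.bat produces, as an added example that is not part of the original thread. The checks (a DNS server outside the adapter's subnet, an nslookup resolver that is not configured, an unexpected default or persistent route) are this example's assumptions about what such a log is read for, and SAMPLE_LOG is constructed from private and documentation address ranges.

```python
import ipaddress

# Constructed sample in the shape Log1.txt takes once a forum strips the
# indentation. Addresses are private/documentation ranges, not real hosts.
SAMPLE_LOG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : EXAMPLE-PC
Wireless LAN adapter Wireless Network Connection:
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 203.0.113.53
192.168.2.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Server: UnKnown
Address: 203.0.113.53
Name: example.test
Addresses: 198.51.100.7
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 25
192.168.2.0 255.255.255.0 On-link 192.168.2.10 281
Persistent Routes:
Network Address Netmask Gateway Address Metric
198.51.100.0 255.255.255.0 192.168.2.77 1
IPv6 Route Table
"""

# ipconfig field names mapped to the keys used in the parsed adapter record.
FIELDS = {"IPv4 Address": "ipv4", "Subnet Mask": "mask",
          "Default Gateway": "gateway", "DNS Servers": "dns"}


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def parse_log(text):
    """Split the combined ipconfig / nslookup / route print output into parts."""
    adapters, routes, persistent = [], [], []
    current, last_field, resolver, section = None, None, None, "ipconfig"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("IPv6 Route Table"):
            break
        if line.startswith("IPv4 Route Table"):
            section = "routes"
            continue
        if section != "ipconfig":
            if line.startswith("Persistent Routes"):
                section = "persistent"
                continue
            parts = line.split()
            if len(parts) >= 4 and is_ipv4(parts[0]) and is_ipv4(parts[1]):
                target = routes if section == "routes" else persistent
                target.append(tuple(parts[:3]))  # destination, netmask, gateway
            continue
        if line.endswith(":") and " adapter " in line:
            current = {"name": line[:-1], "ipv4": [], "mask": [], "gateway": [], "dns": []}
            adapters.append(current)
            last_field = None
            continue
        if is_ipv4(line):  # bare address: continuation of a multi-valued field
            if current is not None and last_field in ("dns", "gateway"):
                current[last_field].append(line)
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(" ."), value.strip().split("(")[0]
        if key == "Server":  # nslookup output starts, adapter blocks are over
            current = None
        elif key == "Address" and current is None and resolver is None:
            resolver = value
        last_field = FIELDS.get(key)
        if current is not None and last_field and is_ipv4(value):
            current[last_field].append(value)
    return {"adapters": adapters, "resolver": resolver,
            "routes": routes, "persistent": persistent}


def review(parsed):
    """Return (finding, detail) pairs that deserve a manual look."""
    findings, configured_dns, gateways = [], set(), set()
    for adapter in parsed["adapters"]:
        gateways.update(adapter["gateway"])
        configured_dns.update(adapter["dns"])
        if not adapter["ipv4"] or not adapter["mask"]:
            continue  # disconnected or tunnel adapter
        net = ipaddress.ip_network(f'{adapter["ipv4"][0]}/{adapter["mask"][0]}', strict=False)
        for dns in adapter["dns"]:
            if ipaddress.ip_address(dns) not in net:
                findings.append(("dns-off-subnet", dns))
    if parsed["resolver"] and parsed["resolver"] not in configured_dns:
        findings.append(("resolver-not-configured", parsed["resolver"]))
    for dest, mask, gateway in parsed["routes"]:
        if dest == mask == "0.0.0.0" and gateway not in gateways:
            findings.append(("default-route-mismatch", gateway))
    for dest, mask, gateway in parsed["persistent"]:
        findings.append(("persistent-route", f"{dest}/{mask} via {gateway}"))
    return findings


if __name__ == "__main__":
    for finding, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{finding}: {detail}")
```

A finding is a prompt for review rather than a verdict: a public resolver that was configured on purpose also reports as dns-off-subnet.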
Hi,

[quote]With regards to your comments about 'connected to the same network device' - the desktop is not wireless and connects via the ntl supplied modem, the laptop connects via a Belkin router[/quote]
It looks like the Belkin router may need its settings set to the default state. There should be a reset button behind the router. You need to press it for some time (15-30s should cause the router lights to blink). Then see if the issues still exist.

Hi, regrettably, this has not made any difference. Tried it twice, the second time I actually removed all cables before re-set, still no joy. What are the next steps please? Thanks v much.

Hi,

1. Download [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]TDSSKiller[/url] and extract its contents into a folder in a desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select [b]skip[/b] and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

Hi, as soon as I try and start the scan for TDSSKiller.exe, I get the message 'TDSS rootkit removing tool has stopped working' - i.e. a similar generic message to previous ones when I try a search in Google etc. What a nightmare!! What else can we try please - are you still confident this can be fixed? Thanks.

Hi,

Download [url=http://public.avast.com/~gmerek/aswMBR.exe]aswMBR[/url] to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

Hi, Yep, managed to get a scan from that download - please see below. Thanks.


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 17:47:41
-----------------------------
17:47:41.269 OS Version: Windows 6.1.7601 Service Pack 1
17:47:41.269 Number of processors: 2 586 0x170A
17:47:41.269 ComputerName: MORRIS-PC UserName: Morris
17:47:42.268 Initialize success
17:47:42.346 AVAST engine defs: 12020100
17:47:57.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:47:57.010 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
17:47:57.041 Disk 0 MBR read successfully
17:47:57.041 Disk 0 MBR scan
17:47:57.041 Disk 0 unknown MBR code
17:47:57.057 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
17:47:57.072 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
17:47:57.088 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230738 MB offset 31664128
17:47:57.119 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230740 MB offset 504215552
17:47:57.119 Disk 0 scanning sectors +976771072
17:47:57.213 Disk 0 scanning C:\windows\system32\drivers
17:48:06.011 Service scanning
17:48:07.243 Modules scanning
17:48:17.602 Disk 0 trace - called modules:
17:48:17.633 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
17:48:17.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869ac9a8]
17:48:17.649 3 CLASSPNP.SYS[8bf6a59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b63028]
17:48:18.429 AVAST engine scan C:\windows
17:48:20.659 AVAST engine scan C:\windows\system32
17:50:24.836 AVAST engine scan C:\windows\system32\drivers
17:50:35.350 AVAST engine scan C:\Users\Morris
17:59:28.325 AVAST engine scan C:\ProgramData
18:00:33.034 Scan finished successfully
18:01:28.071 Disk 0 MBR has been saved successfully to "C:\Users\Morris\Desktop\MBR.dat"
18:01:28.071 The log file has been saved successfully to "C:\Users\Morris\Desktop\aswMBR.txt"

Hi,

Could you check if you have those browser issues when plugged into the internet in the same way as your working system?

Hi - I am unable to connect to the internet using the cable directly from the router - strange?! I have done a factory reset again on the router - no difference I'm afraid.

From your earlier statements:
[quote]the desktop is not wireless and connects via the ntl supplied modem[/quote]


[quote]I am unable to connect to the internet using the cable directly from the router - strange?![/quote]
By router did you mean the modem? If not, please try to connect this problematic system in the same way as the desktop.

My apologies - I HAVE managed to connect directly from the modem - there is no difference, all problems still exist! Is there anything else that we can try - are we running out of options?! Thanks for your understanding.

Hi,

Could you post a summary of current problems so I know what should still be tackled and if things we've done have removed any of the original issues?

Also, archive C:\Users\Morris\Desktop\[b]MBR.dat[/b] file into a zip file and upload to [url="http://www.bleepingcomputer.com/submit-malware.php?channel=76"]this site[/url].

Good morning, regrettably, all issues remain as they were initially. Mainly: if I try to search using Google, I still get the 'internet has stopped working' generic message. If I browse via Yahoo, for example, I do not have a problem. However, if I try to access any Microsoft site or nearly all sites which have 'virus' or 'malware' etc. in their title, then I either get the same error message, or only part of the page loads, ensuring that I can't download etc. When I have managed to download a file throughout this saga, invariably the various 'options' or 'check boxes' that are available are blanked out, so I am in effect working blind, or 'guessing' what they say. Finally, if I access (for example) 'internet options' via 'tools' on IE, all options are also blanked out. I am also unable to access social networking sites such as Facebook or Twitter - at best, a static homepage loads, ensuring that I can't even log in! I will try and send you the zip file later - if I am 'allowed' to by the laptop! Is wiping the drive a (final) option? Really appreciate your help, just so frustrating that we don't seem to have improved anything. Have the various fixes found any viruses/malware yet? Thanks.

Hi,

In addition to uploading the file to the site linked in my previous post, please do the following.


Go to Start > type or copy/paste the following in the "Search programs and files" textbox, then press Enter

diskmgmt.msc

Capture and attach a screenshot of what you see there.

---

Please download [url="http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe"]MBRCheck.exe[/url] to your desktop.

Be sure to disable your security programs.
Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A window will open on your desktop.
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Hi - MBRCheck seems to have found something - is this good news? Am struggling to attach the screen dump you asked for - can't copy and paste it. Any thoughts (sorry). Thanks.


MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R519/R719
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 194):
Processes (total 68):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
480 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1452 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1836 C:\Windows\System32\spoolsv.exe
1876 C:\Windows\System32\svchost.exe
1980 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2036 C:\Windows\System32\svchost.exe
388 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
1344 C:\Windows\System32\taskhost.exe
2052 C:\Windows\System32\taskeng.exe
2092 C:\Windows\System32\dwm.exe
2136 C:\Windows\explorer.exe
2276 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
2292 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
2404 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2428 C:\Windows\System32\svchost.exe
2464 C:\Windows\System32\svchost.exe
2536 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2548 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
2932 C:\Windows\System32\igfxext.exe
2976 C:\Windows\System32\igfxsrvc.exe
3352 C:\Windows\System32\igfxtray.exe
3364 C:\Windows\System32\hkcmd.exe
3372 C:\Windows\System32\igfxpers.exe
3404 C:\Windows\System32\igfxsrvc.exe
3468 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3484 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3592 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3624 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3632 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3844 C:\Program Files\Windows Sidebar\sidebar.exe
2400 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3620 C:\Windows\System32\SearchIndexer.exe
1512 C:\Program Files\Windows Media Player\wmpnetwk.exe
3360 C:\Windows\System32\svchost.exe
3128 C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
6096 C:\Program Files\Internet Explorer\iexplore.exe
5416 C:\Program Files\Internet Explorer\iexplore.exe
5772 C:\Program Files\Windows Live\Mail\wlmail.exe
1520 C:\Program Files\Windows Live\Contacts\wlcomm.exe
5332 WmiPrvSE.exe
2628 C:\Windows\System32\wisptis.exe
6100 C:\Windows\System32\audiodg.exe
3140 WUDFHost.exe
1296 C:\Windows\servicing\TrustedInstaller.exe
2620 C:\Windows\System32\wuauclt.exe
1228 C:\Windows\System32\taskeng.exe
1244 C:\Windows\System32\ctfmon.exe
6140 C:\Windows\System32\dllhost.exe
2300 dllhost.exe
1124 dllhost.exe
3196 C:\Users\Morris\Downloads\MBRCheck.exe
1732 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003c`1b700000 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHM500JI, Rev: 2AC101C4
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!

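
For readers following the two MBR scans above (the aswMBR log that saved MBR.dat and the MBRCheck log reporting "Unknown MBR code"), here is an added example, not part of the thread and not code from either tool, showing how a saved 512-byte MBR dump can be inspected offline in Python. It lists the partition table the way the aswMBR log does and reports boot code whose SHA-1 is not on a caller-supplied known-good list. Assumptions: the function names and the allowlist are hypothetical, the sample sector is constructed (filler boot code with the partition layout from the aswMBR log), and the byte range MBRCheck hashes is not stated on the page, so the digest here is not comparable with the SHA1 in its log.

```python
import hashlib
import struct

# Added example; names are illustrative assumptions, sample data is constructed.
SECTOR = 512
BOOT_CODE_END = 440   # bytes 0-439 hold the bootstrap code
TABLE_START = 446     # four 16-byte partition entries follow
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR dump into a boot-code hash and its partition table."""
    if len(sector) < SECTOR:
        raise ValueError("MBR dump shorter than one 512-byte sector")
    sector = sector[:SECTOR]
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_START + 16 * i:TABLE_START + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "size_mb": count * SECTOR // (1024 * 1024),
            "end_lba": first_lba + count,   # first sector past the partition
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }

def assess(report: dict, known_good_sha1: set) -> list:
    """Return findings; an empty list means nothing stood out."""
    findings = []
    if report["boot_code_sha1"] not in known_good_sha1:
        findings.append("unknown MBR code")
    parts = sorted(report["partitions"], key=lambda p: p["first_lba"])
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for prev, cur in zip(parts, parts[1:]):
        if cur["first_lba"] < prev["end_lba"]:
            findings.append(f"partitions {prev['index']} and {cur['index']} overlap")
    return findings

def build_sample_sector() -> bytes:
    """Constructed sample: filler boot code plus the layout from the aswMBR log."""
    layout = [(0x00, 0x27, 2048, 31457280), (0x80, 0x07, 31459328, 204800),
              (0x00, 0x07, 31664128, 472551424), (0x00, 0x07, 504215552, 472555520)]
    sector = bytearray(b"\x90" * BOOT_CODE_END + b"\x00" * (SECTOR - BOOT_CODE_END))
    for i, fields in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, TABLE_START + 16 * i, *fields)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)
```

On a real dump, read the file in binary mode and pass its bytes to `parse_mbr`; an "unknown MBR code" finding only means the boot code is not on the list supplied, which is also true of OEM recovery loaders.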