Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32:Dropper-FFZ [Drp]


  • Please log in to reply
6 replies to this topic

#1 XEN0

XEN0

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 05 September 2011 - 02:05 PM

Well i tried downloading something(a hack for a game i know i got what i deserved lol) anyway i found the file again and ran a scan on it and its a win32:Dropper-FFZ [Drp] so anyone know how to remove i seen another post here im running a gmer scan right now ill post it in the appropriate forum.
Anyway i read a trojan dropper is a file with more files in it so am i getting more files dumped in my computer through the internet or what?

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:01 PM

Posted 05 September 2011 - 02:07 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTEMalwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 XEN0

XEN0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 05 September 2011 - 04:31 PM

my system crashed while scanning do you want the dump also?

#4 XEN0

XEN0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 05 September 2011 - 07:06 PM

So Heres My Logs

SuperAntiSpyware Log - found something not a win32:Dropper-FFZ [Drp] its just a file to enable quick launch

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2010 at 04:04 PM

Application Version : 5.0.1118

Core Rules Database Version : 7645
Trace Rules Database Version: 5457

Scan type : Complete Scan
Total Scan Time : 02:00:59

Operating System Information
Windows 7 Ultimate 32-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 650
Memory threats detected : 0
Registry items scanned : 39179
Registry threats detected : 0
File items scanned : 54390
File threats detected : 138

Adware.Tracking Cookie
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\52JRH665.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\XG7QOZYP.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\EFXZL7A8.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\D6A3ZWLU.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\AY3P9W75.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\P89XQRF2.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\S1IFXD8Y.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\BRTJ2UXL.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\J0F05D7V.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\2FO3RVIM.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ZSLGISPI.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\7IDPHFH4.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\96K376LW.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\EJJ84DOU.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\T784OW6T.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ZFZNDAN7.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\78FNR0VL.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YOWOJ7GD.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\W7CKIJ15.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YKJ9K2A3.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\133TAO0U.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\WA3YZYAE.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\LLTH9XVG.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8BEFMQSQ.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8M4FV3C2.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\BP15LHRJ.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\CLO9UCGJ.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\E0EAY7KW.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\65WEI4MC.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\2W557MTZ.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\Y2DZ15T3.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\1ZY1AXXL.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\3EC2IS6H.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\VZOJOHQL.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\MSZ3W8UF.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\HJK6ZI7A.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\IT621YPX.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\VU4G8IHZ.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\22NQEBCO.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\5IS1H828.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\JBUADAVH.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\WLGFP320.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\Y8PL40GR.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\WBWHK57L.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\TKYJT1Z5.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\5T8758CB.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\P8TA8GW6.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\UK1EPY7H.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\P6MWRPMM.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\2AXPGN84.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\M2QI7RAG.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\9C2XHXTE.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\NWP9VHCX.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\KP9UEWQR.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\YLKWIO0A.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\XX24W1J8.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\LFZB1LG3.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\BE1E5J8T.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\KB72CDCY.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\47JKR3ZT.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\36RUJO2I.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\TSG4NPNE.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\VE91UX9T.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\XMD9R200.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\L6KCJM21.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\HXMD5EZN.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ELQB1KZ6.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8AB7XTR3.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FY3M0DV2.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\HXGI3R03.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\9GCVA6U2.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\X6NS9DZN.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\2USX6GWT.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\2WYSQYME.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8UH6BOKO.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\JG888YH0.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\BGRB2STA.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\9BWVX5G8.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\0SR0KGVD.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8098R04M.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FXTMZYW9.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\GQHY2MED.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\T16URBFJ.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\P7F35LFO.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\1PDPDJ65.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\G9XU4Z18.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\7BSFM694.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\3N8XIFIT.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\OSKFI25R.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\EB22Z8XK.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\I543K1S0.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\MBO4W5K1.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\XS3JIM2D.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\8N8A5AQ8.txt
I:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\ML8FNAXG.txt
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.r1-ads.ace.advertising.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ H:\DOCUMENTS AND SETTINGS\SKYWAKKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9RYDZH7T.DEFAULT\COOKIES.SQLITE ]
H:\DOCUMENTS AND SETTINGS\SKYWAKKER\COOKIES\SKYWAKKER@ATDMT[1].TXT
ad.insightexpressai.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6V5JQHN6 ]
msnbcmedia.msn.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6V5JQHN6 ]
multimedia.msn.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6V5JQHN6 ]
s0.2mdn.net [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6V5JQHN6 ]
.apmebf.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ I:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J136XBK5.DEFAULT\COOKIES.SQLITE ]
cdn.insights.gravity.com [ I:\USERS\SKYWAKKER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\STCCESF9 ]
msnbcmedia.msn.com [ I:\USERS\SKYWAKKER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\STCCESF9 ]

Application.Agent/Gen-TempZ
D:\TOOLZ\ENABLE QUICK LAUNCH.EXE
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes log - nothing found here i can assure you i have a win32:Dropper-FFZ [Drp] i opened the file containing it before i had an anti virus

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

3/20/2010 4:38:49 PM
mbam-log-2010-03-20 (16-38-49).txt

Scan type: Full scan (C:\|D:\|H:\|I:\|)
Objects scanned: 344723
Time elapsed: 2 hour(s), 35 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------------------------------------------------------------------------------------------------------------------------------------
GMER log - if you dont find anything here ill re do it i was scanning and i crashed im pretty sure i saw stuff thats not in this log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2010-03-20 12:00:56
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600JB-00GVA0 rev.08.02D08
Running: lghrs6te.exe; Driver: I:\Users\ADMINI~1\AppData\Local\Temp\uwryiuoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89EE3202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FE2FD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89EE57F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89EE5848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89EE595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89EE5746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x89EE5898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89EE579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89EE590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89EE3226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FE2FE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x89EE2FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89EE324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89EE5D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89EE3CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89EE5820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89EE5870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89EE5988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89EE5772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89EE58D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89EE57C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89EE5936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FE2FED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89EE3BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89EE326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89EE3292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89EE304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89EE3186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89EE3162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89EE31AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89EE32B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FE45398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C438C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C634F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 138B 82C6A758 4 Bytes [02, 32, EE, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82C6A780 4 Bytes [8C, FD, E2, 8F]
.text ntoskrnl.exe!KeRemoveQueueEx + 1467 82C6A834 8 Bytes [F0, 57, EE, 89, 48, 58, EE, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 1473 82C6A840 4 Bytes [5E, 59, EE, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 148F 82C6A85C 4 Bytes [46, 57, EE, 89]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DEFE6C 5 Bytes JMP 8FE40D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82E17574 5 Bytes JMP 8FE4280A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 82E1DD51 4 Bytes CALL 89EE434B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 82E5A89F 4 Bytes CALL 89EE4361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 82EDFCCA 7 Bytes JMP 8FE4539C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text sptd.sys 89636001 31 Bytes [27, 01, 83, A6, C1, 01, 83, ...]
.text sptd.sys 89636024 29 Bytes [1D, 89, C8, 82, 05, 50, D2, ...]
.text sptd.sys 89636042 10 Bytes [C4, 82, 2B, 58, DB, 82, 6D, ...]
.text sptd.sys 8963604D 163 Bytes [CF, C3, 82, 0D, 44, C6, 82, ...]
.text sptd.sys 896360F1 191 Bytes [58, C6, 82, F0, E6, C3, 82, ...]
.text ...
.sptd2 I:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x896E09E3]
? I:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 91F5ED18 5 Bytes JMP 85E961C8
.text amxn13iv.SYS 8FEA4000 52 Bytes [A0, 27, 01, 83, 44, 48, 01, ...]
.text amxn13iv.SYS 8FEA4035 177 Bytes [00, 00, 00, D0, E3, C3, 82, ...]
.text amxn13iv.SYS 8FEA40E7 23 Bytes [00, 38, 0F, 00, 00, 00, 00, ...]
.text amxn13iv.SYS 8FEA40FF 704 Bytes [4E, 0E, 10, 0F, D2, 0D, 94, ...]
.text amxn13iv.SYS 8FEA43C0 99 Bytes [57, 80, 56, 30, 54, E0, 55, ...]
.text ...
.text kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text I:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe[396] KERNEL32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\wininit.exe[544] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000303FC
.text I:\Windows\system32\wininit.exe[544] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000301F8
.text I:\Windows\system32\wininit.exe[544] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\wininit.exe[544] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 000C0A08
.text I:\Windows\system32\wininit.exe[544] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000C03FC
.text I:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 000C0804
.text I:\Windows\system32\wininit.exe[544] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000C01F8
.text I:\Windows\system32\wininit.exe[544] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 000C0600
.text I:\Windows\system32\csrss.exe[556] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\services.exe[600] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00160A08
.text I:\Windows\system32\services.exe[600] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001603FC
.text I:\Windows\system32\services.exe[600] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00160804
.text I:\Windows\system32\services.exe[600] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001601F8
.text I:\Windows\system32\services.exe[600] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00160600
.text I:\Windows\system32\lsass.exe[616] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000A03FC
.text I:\Windows\system32\lsass.exe[616] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000A01F8
.text I:\Windows\system32\lsass.exe[616] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\lsass.exe[616] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00740A08
.text I:\Windows\system32\lsass.exe[616] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 007403FC
.text I:\Windows\system32\lsass.exe[616] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00740804
.text I:\Windows\system32\lsass.exe[616] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 007401F8
.text I:\Windows\system32\lsass.exe[616] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00740600
.text I:\Windows\system32\lsm.exe[624] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\lsm.exe[624] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\lsm.exe[624] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\lsm.exe[624] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00140A08
.text I:\Windows\system32\lsm.exe[624] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001403FC
.text I:\Windows\system32\lsm.exe[624] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00140804
.text I:\Windows\system32\lsm.exe[624] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001401F8
.text I:\Windows\system32\lsm.exe[624] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00140600
.text I:\Windows\system32\winlogon.exe[672] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000303FC
.text I:\Windows\system32\winlogon.exe[672] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000301F8
.text I:\Windows\system32\winlogon.exe[672] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\winlogon.exe[672] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00100A08
.text I:\Windows\system32\winlogon.exe[672] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001003FC
.text I:\Windows\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00100804
.text I:\Windows\system32\winlogon.exe[672] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001001F8
.text I:\Windows\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00100600
.text I:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[760] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00150A08
.text I:\Windows\system32\svchost.exe[760] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001503FC
.text I:\Windows\system32\svchost.exe[760] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00150804
.text I:\Windows\system32\svchost.exe[760] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001501F8
.text I:\Windows\system32\svchost.exe[760] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00150600
.text I:\Program Files\Internet Explorer\iexplore.exe[776] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000503FC
.text I:\Program Files\Internet Explorer\iexplore.exe[776] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000501F8
.text I:\Program Files\Internet Explorer\iexplore.exe[776] kernel32.dll!CreateThread 767A279D 5 Bytes JMP 6A4B71CB I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!EnableWindow 75B0A72E 5 Bytes JMP 6A4F98BC I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 6A53EA08 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!CallNextHookEx 75B0CC8F 5 Bytes JMP 6A517A4F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000803FC
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DefWindowProcA 75B0E0E4 7 Bytes JMP 6A4B93F5 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!CreateWindowExA 75B0E18A 5 Bytes JMP 6A4C3223 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!CreateWindowExW 75B10E51 5 Bytes JMP 6A51FE2F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 6A4F204C I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000801F8
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DefWindowProcW 75B1724B 7 Bytes JMP 6A517AB2 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxIndirectParamW 75B34AA7 5 Bytes JMP 6A645E8E I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxParamW 75B3564A 5 Bytes JMP 6A4515E3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00080600
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxParamA 75B4CF6A 5 Bytes JMP 6A645E29 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!DialogBoxIndirectParamA 75B4D29C 5 Bytes JMP 6A645EF3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxIndirectA 75B5E8C9 5 Bytes JMP 6A645DB0 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxIndirectW 75B5E9C3 5 Bytes JMP 6A645D37 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxExA 75B5EA29 5 Bytes JMP 6A645CD3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] USER32.dll!MessageBoxExW 75B5EA4D 5 Bytes JMP 6A645C6F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[776] ole32.dll!OleLoadFromStream 75DF5BF6 5 Bytes JMP 6A646676 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Windows\system32\nvvsvc.exe[844] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Windows\system32\nvvsvc.exe[844] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Windows\system32\nvvsvc.exe[844] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\nvvsvc.exe[844] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 001F0A08
.text I:\Windows\system32\nvvsvc.exe[844] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001F03FC
.text I:\Windows\system32\nvvsvc.exe[844] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 001F0804
.text I:\Windows\system32\nvvsvc.exe[844] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001F01F8
.text I:\Windows\system32\nvvsvc.exe[844] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 001F0600
.text I:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[888] user32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 001D0A08
.text I:\Windows\system32\svchost.exe[888] user32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001D03FC
.text I:\Windows\system32\svchost.exe[888] user32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 001D0804
.text I:\Windows\system32\svchost.exe[888] user32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001D01F8
.text I:\Windows\system32\svchost.exe[888] user32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 001D0600
.text I:\Windows\System32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\System32\svchost.exe[948] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\System32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00250A08
.text I:\Windows\System32\svchost.exe[948] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002503FC
.text I:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00250804
.text I:\Windows\System32\svchost.exe[948] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002501F8
.text I:\Windows\System32\svchost.exe[948] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00250600
.text I:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00360A08
.text I:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 003603FC
.text I:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00360804
.text I:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 003601F8
.text I:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00360600
.text I:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00A20A08
.text I:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 00A203FC
.text I:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00A20804
.text I:\Windows\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 00A201F8
.text I:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00A20600
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00200A08
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002003FC
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00200804
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002001F8
.text I:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1116] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00200600
.text I:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00210A08
.text I:\Windows\system32\svchost.exe[1264] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002103FC
.text I:\Windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00210804
.text I:\Windows\system32\svchost.exe[1264] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002101F8
.text I:\Windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00210600
.text I:\Windows\system32\svchost.exe[1360] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[1360] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00920A08
.text I:\Windows\system32\svchost.exe[1360] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 009203FC
.text I:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00920804
.text I:\Windows\system32\svchost.exe[1360] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 009201F8
.text I:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00920600
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 001F0A08
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001F03FC
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 001F0804
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001F01F8
.text I:\Program Files\REACTOR\ijjiOptimizer.exe[1424] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 001F0600
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 001F0A08
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001F03FC
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 001F0804
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001F01F8
.text I:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1428] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 001F0600
.text I:\Windows\system32\nvvsvc.exe[1444] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Windows\system32\nvvsvc.exe[1444] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Windows\system32\nvvsvc.exe[1444] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\nvvsvc.exe[1444] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 002F0A08
.text I:\Windows\system32\nvvsvc.exe[1444] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002F03FC
.text I:\Windows\system32\nvvsvc.exe[1444] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 002F0804
.text I:\Windows\system32\nvvsvc.exe[1444] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002F01F8
.text I:\Windows\system32\nvvsvc.exe[1444] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 002F0600
.text I:\Windows\system32\sppsvc.exe[1508] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000703FC
.text I:\Windows\system32\sppsvc.exe[1508] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000701F8
.text I:\Windows\system32\sppsvc.exe[1508] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\sppsvc.exe[1508] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00110A08
.text I:\Windows\system32\sppsvc.exe[1508] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001103FC
.text I:\Windows\system32\sppsvc.exe[1508] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00110804
.text I:\Windows\system32\sppsvc.exe[1508] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001101F8
.text I:\Windows\system32\sppsvc.exe[1508] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00110600
.text I:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!SetUnhandledExceptionFilter 767A30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text I:\Program Files\AVAST Software\Avast\AvastSvc.exe[1596] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[1984] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[1984] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[1984] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[1984] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00430A08
.text I:\Windows\system32\svchost.exe[1984] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 004303FC
.text I:\Windows\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00430804
.text I:\Windows\system32\svchost.exe[1984] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 004301F8
.text I:\Windows\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00430600
.text I:\Windows\system32\taskhost.exe[2248] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000903FC
.text I:\Windows\system32\taskhost.exe[2248] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000901F8
.text I:\Windows\system32\taskhost.exe[2248] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\taskhost.exe[2248] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00230A08
.text I:\Windows\system32\taskhost.exe[2248] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002303FC
.text I:\Windows\system32\taskhost.exe[2248] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00230804
.text I:\Windows\system32\taskhost.exe[2248] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002301F8
.text I:\Windows\system32\taskhost.exe[2248] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00230600
.text I:\Windows\system32\Dwm.exe[2328] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000A03FC
.text I:\Windows\system32\Dwm.exe[2328] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000A01F8
.text I:\Windows\system32\Dwm.exe[2328] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\Dwm.exe[2328] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00130A08
.text I:\Windows\system32\Dwm.exe[2328] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001303FC
.text I:\Windows\system32\Dwm.exe[2328] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00130804
.text I:\Windows\system32\Dwm.exe[2328] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001301F8
.text I:\Windows\system32\Dwm.exe[2328] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00130600
.text I:\Windows\Explorer.EXE[2352] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\Explorer.EXE[2352] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\Explorer.EXE[2352] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\Explorer.EXE[2352] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00110A08
.text I:\Windows\Explorer.EXE[2352] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001103FC
.text I:\Windows\Explorer.EXE[2352] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00110804
.text I:\Windows\Explorer.EXE[2352] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001101F8
.text I:\Windows\Explorer.EXE[2352] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00110600
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00120A08
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001203FC
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00120804
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001201F8
.text I:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[2480] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00120600
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00110A08
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001103FC
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00110804
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001101F8
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe[2508] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00110600
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00220A08
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002203FC
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00220804
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002201F8
.text I:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2544] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00220600
.text I:\Program Files\AVAST Software\Avast\AvastUI.exe[2560] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000503FC
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000501F8
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 000F0A08
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000F03FC
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 000F0804
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000F01F8
.text I:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe[2576] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 000F0600
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00200A08
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002003FC
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00200804
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002001F8
.text I:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2788] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00200600
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 001F0A08
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001F03FC
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 001F0804
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001F01F8
.text I:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2988] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 001F0600
.text I:\Windows\system32\AUDIODG.EXE[3132] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001703FC
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001701F8
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00200A08
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002003FC
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00200804
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002001F8
.text I:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3352] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00200600
.text I:\Windows\system32\SearchIndexer.exe[3356] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\SearchIndexer.exe[3356] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\SearchIndexer.exe[3356] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\SearchIndexer.exe[3356] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00100A08
.text I:\Windows\system32\SearchIndexer.exe[3356] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001003FC
.text I:\Windows\system32\SearchIndexer.exe[3356] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00100804
.text I:\Windows\system32\SearchIndexer.exe[3356] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001001F8
.text I:\Windows\system32\SearchIndexer.exe[3356] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00100600
.text I:\Windows\System32\spoolsv.exe[3528] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\System32\spoolsv.exe[3528] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\System32\spoolsv.exe[3528] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\System32\spoolsv.exe[3528] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00150A08
.text I:\Windows\System32\spoolsv.exe[3528] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 001503FC
.text I:\Windows\System32\spoolsv.exe[3528] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00150804
.text I:\Windows\System32\spoolsv.exe[3528] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 001501F8
.text I:\Windows\System32\spoolsv.exe[3528] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00150600
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001803FC
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001801F8
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00220A08
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002203FC
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00220804
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002201F8
.text I:\Program Files\Windows Media Player\wmpnetwk.exe[3564] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00220600
.text I:\Windows\system32\svchost.exe[3652] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\system32\svchost.exe[3652] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\system32\svchost.exe[3652] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\system32\svchost.exe[3652] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00470A08
.text I:\Windows\system32\svchost.exe[3652] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 004703FC
.text I:\Windows\system32\svchost.exe[3652] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00470804
.text I:\Windows\system32\svchost.exe[3652] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 004701F8
.text I:\Windows\system32\svchost.exe[3652] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00470600
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000503FC
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000501F8
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!CreateThread 767A279D 5 Bytes JMP 6A4B71CB I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!EnableWindow 75B0A72E 5 Bytes JMP 6A4F98BC I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 6A53EA08 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!CallNextHookEx 75B0CC8F 5 Bytes JMP 6A517A4F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000803FC
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DefWindowProcA 75B0E0E4 7 Bytes JMP 6A4B93F5 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!CreateWindowExA 75B0E18A 5 Bytes JMP 6A4C3223 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!CreateWindowExW 75B10E51 5 Bytes JMP 6A51FE2F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 6A4F204C I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000801F8
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DefWindowProcW 75B1724B 7 Bytes JMP 6A517AB2 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxIndirectParamW 75B34AA7 5 Bytes JMP 6A645E8E I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxParamW 75B3564A 5 Bytes JMP 6A4515E3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00080600
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxParamA 75B4CF6A 5 Bytes JMP 6A645E29 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!DialogBoxIndirectParamA 75B4D29C 5 Bytes JMP 6A645EF3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxIndirectA 75B5E8C9 5 Bytes JMP 6A645DB0 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxIndirectW 75B5E9C3 5 Bytes JMP 6A645D37 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxExA 75B5EA29 5 Bytes JMP 6A645CD3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] USER32.dll!MessageBoxExW 75B5EA4D 5 Bytes JMP 6A645C6F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3708] ole32.dll!OleLoadFromStream 75DF5BF6 5 Bytes JMP 6A646676 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Windows\System32\svchost.exe[4016] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000603FC
.text I:\Windows\System32\svchost.exe[4016] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000601F8
.text I:\Windows\System32\svchost.exe[4016] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Windows\System32\svchost.exe[4016] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00250A08
.text I:\Windows\System32\svchost.exe[4016] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 002503FC
.text I:\Windows\System32\svchost.exe[4016] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00250804
.text I:\Windows\System32\svchost.exe[4016] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 002501F8
.text I:\Windows\System32\svchost.exe[4016] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00250600
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000503FC
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000501F8
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] kernel32.dll!CreateThread 767A279D 5 Bytes JMP 6A4B71CB I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!EnableWindow 75B0A72E 5 Bytes JMP 6A4F98BC I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 6A53EA08 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CallNextHookEx 75B0CC8F 5 Bytes JMP 6A517A4F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000803FC
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DefWindowProcA 75B0E0E4 7 Bytes JMP 6A4B93F5 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateWindowExA 75B0E18A 5 Bytes JMP 6A4C3223 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!CreateWindowExW 75B10E51 5 Bytes JMP 6A51FE2F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 6A4F204C I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000801F8
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DefWindowProcW 75B1724B 7 Bytes JMP 6A517AB2 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxIndirectParamW 75B34AA7 5 Bytes JMP 6A645E8E I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxParamW 75B3564A 5 Bytes JMP 6A4515E3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00080600
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxParamA 75B4CF6A 5 Bytes JMP 6A645E29 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!DialogBoxIndirectParamA 75B4D29C 5 Bytes JMP 6A645EF3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxIndirectA 75B5E8C9 5 Bytes JMP 6A645DB0 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxIndirectW 75B5E9C3 5 Bytes JMP 6A645D37 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxExA 75B5EA29 5 Bytes JMP 6A645CD3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] USER32.dll!MessageBoxExW 75B5EA4D 5 Bytes JMP 6A645C6F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4136] ole32.dll!OleLoadFromStream 75DF5BF6 5 Bytes JMP 6A646676 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000503FC
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000501F8
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!EnableWindow 75B0A72E 5 Bytes JMP 6A4F98BC I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 000F0A08
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000F03FC
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 000F0804
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000F01F8
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamW 75B34AA7 5 Bytes JMP 6A645E8E I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxParamW 75B3564A 5 Bytes JMP 6A4515E3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 000F0600
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxParamA 75B4CF6A 5 Bytes JMP 6A645E29 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamA 75B4D29C 5 Bytes JMP 6A645EF3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxIndirectA 75B5E8C9 5 Bytes JMP 6A645DB0 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxIndirectW 75B5E9C3 5 Bytes JMP 6A645D37 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxExA 75B5EA29 5 Bytes JMP 6A645CD3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxExW 75B5EA4D 5 Bytes JMP 6A645C6F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 000503FC
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 000501F8
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] kernel32.dll!CreateThread 767A279D 5 Bytes JMP 6A4B71CB I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!EnableWindow 75B0A72E 5 Bytes JMP 6A4F98BC I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 6A53EA08 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!CallNextHookEx 75B0CC8F 5 Bytes JMP 6A517A4F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 000F03FC
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DefWindowProcA 75B0E0E4 7 Bytes JMP 6A4B93F5 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!CreateWindowExA 75B0E18A 5 Bytes JMP 6A4C3223 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!CreateWindowExW 75B10E51 5 Bytes JMP 6A51FE2F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 6A4F204C I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 000F01F8
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DefWindowProcW 75B1724B 7 Bytes JMP 6A517AB2 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxIndirectParamW 75B34AA7 5 Bytes JMP 6A645E8E I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxParamW 75B3564A 5 Bytes JMP 6A4515E3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 000F0600
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxParamA 75B4CF6A 5 Bytes JMP 6A645E29 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!DialogBoxIndirectParamA 75B4D29C 5 Bytes JMP 6A645EF3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxIndirectA 75B5E8C9 5 Bytes JMP 6A645DB0 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxIndirectW 75B5E9C3 5 Bytes JMP 6A645D37 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxExA 75B5EA29 5 Bytes JMP 6A645CD3 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] USER32.dll!MessageBoxExW 75B5EA4D 5 Bytes JMP 6A645C6F I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[5156] ole32.dll!OleLoadFromStream 75DF5BF6 5 Bytes JMP 6A646676 I:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] ntdll.dll!LdrUnloadDll 7761BEAF 5 Bytes JMP 001603FC
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] ntdll.dll!LdrLoadDll 7761F5B5 5 Bytes JMP 001601F8
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] kernel32.dll!GetBinaryTypeW + 70 767B78FC 1 Byte [62]
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] USER32.dll!UnhookWindowsHookEx 75B0CC7B 5 Bytes JMP 00310A08
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] USER32.dll!UnhookWinEvent 75B0D924 5 Bytes JMP 003103FC
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] USER32.dll!SetWindowsHookExW 75B1210A 5 Bytes JMP 00310804
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] USER32.dll!SetWinEventHook 75B1507E 5 Bytes JMP 003101F8
.text I:\Users\Administrator\Desktop\lghrs6te.exe[7864] USER32.dll!SetWindowsHookExA 75B36DFA 5 Bytes JMP 00310600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8963770C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [89637EEE] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8963820E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [896380CC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [896378F0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\ataport.SYS[ntoskrnl.exe!KeInsertQueueDpc] 84C5A5E8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!KeInsertQueueDpc] 85E965E8
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlInitUnicodeString] CCCCC35D
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlCompareMemory] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoWMIRegistrationControl] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IofCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IofCallDriver] 56EC8B55
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!ZwClose] 8508758B
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlQueryRegistryValues] F6840FF6
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [83000002] \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!PoCallDriver] 0F000C7D
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 0002EC84
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoStartNextPacket] 107D8300
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoCreateDevice] E2840F00
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoDetachDevice] [83000002] \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoFreeWorkItem] 0F00147D
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoDeleteDevice] 0002D884
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] 20558B00
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] 8B24458B
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!ObfReferenceObject] 0FC80BCA
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] 0002C884
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] 1C4D8B00
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 1274C985
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] E761C181
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] F981FFFF
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!NlsMbCodePageTag] 0000E761
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlInitAnsiString] 02AF870F
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeSetEvent] 7D830000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoFreeIrp] 840F0028
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoCancelIrp] 000002A5
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeWaitForSingleObject] 0577C085
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAllocateIrp] [76FFFA83] \Windows\System32\shell32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeInitializeEvent] 06F9B808
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] 5D5E0000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlGetVersion] 5D8B53C3
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoInitializeTimer] B60F5718
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] 00C3F7FB
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 75000080
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoSetStartIoAttributes] 80FF8112
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoStartPacket] 74000000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!PoRequestPowerIrp] B85B5F0A
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoStopTimer] 000006F9
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoStartTimer] 8BC35D5E
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAllocateWorkItem] E8523856
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] FFFFD1EE
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] 8304C483
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoQueueWorkItem] 0000B0BE
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoFreeMdl] 46890000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] F619743C
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAllocateMdl] 0000D086
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 06741000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] FDA6E856
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!memmove] B7BFFFFF
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] E9000000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeDelayExecutionThread] 00000225
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] 75003E80
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] 80FF8112
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoBuildPartialMdl] 74000000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] 06F9BF4F
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0EE90000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!ZwOpenKey] 85000002
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!ZwEnumerateValueKey] 834174FF
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] 3C7401FF
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeTickCount] 7402FF83
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeBugCheckEx] 03FF8337
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!memset] FF833274
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!memcpy] 832D7404
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 287405FF
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoWMIWriteEvent] 7406FF83
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!ExFreePoolWithTag] 07FF8323
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!_vsnwprintf] FF831E74
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] 83197408
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!_vsnprintf] 14740CFF
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!MmUnlockPages] 740DFF83
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!KeGetCurrentThread] 0EFF830F
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!MmProbeAndLockPages] F9BF0A74
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] E9000006
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] 000001C9
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!IoGetIoPriorityHint] 009DBE80
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!EtwWrite] 75000000
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!EtwUnregister] B1C03291
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!EtwEventEnabled] 74FF8510
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!EtwProviderEnabled] 01FF832C
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!EtwRegister] FF832774
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[ntoskrnl.exe!RtlUnwind] 8D227402
IAT \SystemRoot\System32\Drivers\amxn13iv.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 10C483FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743D2494] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743B5624] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743B56E2] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743D250F] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743C8573] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743C4D27] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743C50CE] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743C51A3] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743C66D0] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743C82CA] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743C8819] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743C907A] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CE21D] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT I:\Windows\Explorer.EXE[2352] @ I:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743C4C59] I:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84C621E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{72F0525D-135A-43B5-B558-EC5399E2856C} 85DB91E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7931CB22-4BED-4C65-A146-6C8588595AC1} 85DB91E8
Device \Driver\usbuhci \Device\USBPDO-0 85E951E8
Device \Driver\usbuhci \Device\USBPDO-1 85E951E8
Device \Driver\usbuhci \Device\USBPDO-2 85E951E8
Device \Driver\usbuhci \Device\USBPDO-3 85E951E8
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 85E8B430

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85CC6368
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C601E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84C601E8
Device \Driver\atapi \Device\Ide\IdePort0 84C601E8
Device \Driver\atapi \Device\Ide\IdePort1 84C601E8
Device \Driver\atapi \Device\Ide\IdePort2 84C601E8
Device \Driver\atapi \Device\Ide\IdePort3 84C601E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 84C601E8
Device \Driver\cdrom \Device\CdRom1 85CC6368
Device \Driver\cdrom \Device\CdRom2 85CC6368

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000074 85CCC1E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000075 85CCC1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85DB91E8
Device \Driver\PCI_PNP5116 \Device\0000004e sptd.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 85E951E8
Device \Driver\usbuhci \Device\USBFDO-1 85E951E8
Device \Driver\usbuhci \Device\USBFDO-2 85E951E8
Device \Driver\usbuhci \Device\USBFDO-3 85E951E8
Device \Driver\usbehci \Device\USBFDO-4 85E8B430
Device \Driver\amxn13iv \Device\Scsi\amxn13iv1 85FF91E8
Device \Driver\amxn13iv \Device\Scsi\amxn13iv1Port4Path0Target0Lun0 85FF91E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6F 0x90 0x80 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xFE 0x80 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x5F 0xD3 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xAA 0x36 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0xFE 0x80 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x5F 0xD3 0xA5 ...

---- EOF - GMER 1.0.15 ----

#5 XEN0

XEN0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 05 September 2011 - 07:08 PM

logs posted check it out under the name of win32:Dropper-FFZ [Drp] AKA Win32.Dropper-gen.Drp

EDIT: Topics merged ~Budapest

Edited by Budapest, 05 September 2011 - 07:28 PM.


#6 XEN0

XEN0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:01 PM

Posted 05 September 2011 - 10:35 PM

bump

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:01 PM

Posted 12 September 2011 - 08:25 PM

Are you actively using the Administrator Account for normal computer use?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users