Redirect on Windows Vista


13 replies to this topic

#1 mhale

Posted 02 January 2012 - 06:37 PM

My wife's laptop has a redirect virus that's showing up in IE and Google Chrome. It shows up any time you click on an item returned by a search engine.
I installed McAfee after the fact and it doesn't fix it. Tried search and destroy and Norton Power Eraser but no luck. The Windows Defender and Firewall are also unavailable. The System Restore dates are gone (erased?) before the date that this showed up. I'm not a computer guru, but know my way around a bit, but I'm at my wits' end.

Any help would be appreciated- thanks in advance

#2 Broni

Posted 02 January 2012 - 08:20 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#3 mhale

Posted 03 January 2012 - 07:30 AM

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 6
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Farbar Service Scanner
Ran by cubstuff (administrator) on 02-01-2012 at 19:26:02
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-09-17 04:30] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-17 04:31] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-09-17 04:31] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-09-17 04:31] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar
Ran by cubstuff (administrator) on 02-01-2012 at 17:55:09
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Stacy-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-D2-4B-DA-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4410:a1da:e6d6:56d6%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 02, 2012 5:04:10 PM
Lease Expires . . . . . . . . . . : Tuesday, January 03, 2012 5:04:10 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 301999314
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-42-FD-B5-00-1E-33-A4-AE-95
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : austin.rr.com
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-B1-1C-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.austin.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.227.48] with 32 bytes of data:

Reply from 74.125.227.48: bytes=32 time=27ms TTL=53

Reply from 74.125.227.48: bytes=32 time=24ms TTL=53



Ping statistics for 74.125.227.48:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 27ms, Average = 25ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=24ms TTL=54

Reply from 209.191.122.70: bytes=32 time=23ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 24ms, Average = 23ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 24 d2 4b da df ...... Atheros AR5007EG Wireless Network Adapter
10 ...00 1e 33 b1 1c 58 ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.austin.rr.com
14 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.69 281
192.168.1.69 255.255.255.255 On-link 192.168.1.69 281
192.168.1.255 255.255.255.255 On-link 192.168.1.69 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.69 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.69 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::4410:a1da:e6d6:56d6/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/02/2012 05:57:39 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x1f2c, application start time 0xnslookup.exe0.

Error: (01/02/2012 05:57:34 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x14e0, application start time 0xnslookup.exe0.

Error: (01/02/2012 05:56:53 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x1f7c, application start time 0xnslookup.exe0.

Error: (01/02/2012 05:05:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2012 04:46:10 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/02/2012 04:14:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2012 03:58:45 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (01/02/2012 03:56:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2012 01:58:44 PM) (Source: Windows Backup) (User: )
Description: File backup failed. The error is: Access is denied. (0x80070005).

Error: (01/02/2012 11:47:49 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (01/02/2012 05:09:25 PM) (Source: DCOM) (User: )
Description: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A}

Error: (01/02/2012 05:05:34 PM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Servicewscsvc

Error: (01/02/2012 05:05:34 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/02/2012 05:05:34 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (01/02/2012 05:05:34 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (01/02/2012 05:05:34 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (01/02/2012 05:04:03 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:02:31 PM on 1/2/2012 was unexpected.

Error: (01/02/2012 04:14:19 PM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Servicewscsvc

Error: (01/02/2012 04:14:19 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/02/2012 04:14:19 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2


Microsoft Office Sessions:
=========================
Error: (06/07/2011 08:17:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 9.4.7 (Version: 9.4.7)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Amazon Links (Version: 1.0)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AT&T Yahoo! Messenger
Atheros Driver Installation Program (Version: 5.2)
Atheros Wi-Fi Protected Setup Library
BodyMedia SYNC (Version: 2.0.5.90)
Bonjour (Version: 3.0.0.10)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Conduit Engine (Version: )
DVD MovieFactory for TOSHIBA (Version: 5.51)
Google Chrome (Version: 16.0.912.63)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.5.8.4958)
Google Update Helper (Version: 1.3.21.79)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes (Version: 10.5.1.42)
Java™ 6 Update 6 (Version: 1.6.0.60)
Kies mini (Version: 1.00.0000)
League of Legends (Version: 1.3)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech QuickCam (Version: 11.70.1200)
Logitech QuickCam Driver Package
McAfee SecurityCenter (Version: 10.5.247)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft XML Parser (Version: 8.20.8730.4)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetZero Internet Access Installer (Version: 1.0.874)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PageRage Toolbar (Version: 6.3.5.3)
Pando Media Booster (Version: 2.3.6.0)
Picasa 3 (Version: 3.8)
QuickBooks Financial Center (Version: 1.10.0000)
QuickTime (Version: 7.71.80.42)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
Realtek USB 2.0 Card Reader (Version: )
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Safari (Version: 5.34.51.22)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
SES Driver (Version: 1.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
The Lord of the Rings Online™ v03.03.05.8039 (Version: 03.03.05.8039)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA ConfigFree (Version: 7.2.20)
TOSHIBA Desktop Links (Version: 1.7)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.31.14)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Hardware Setup (Version: 2.00.08)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Service Station (Version: 1.1.14)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.04)
TOSHIBA Value Added Package (Version: 1.1.24)
WildTangent Games (Version: 1.0.0.62)
Window Shopper (Version: 01.02.0003)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
Wizard101 (Version: 1.0.0)
Yahoo! Toolbar
Yontoo Layers Client 1.10.01 (Version: 1.10.01)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1915.25 MB
Available physical RAM: 760.07 MB
Total Pagefile: 4075.79 MB
Available Pagefile: 2464.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.94 MB

========================= Partitions: =====================================

1 Drive c: (SQ004890V03) (Fixed) (Total:224.2 GB) (Free:138.49 GB) NTFS

========================= Users: ========================================

User accounts for \\STACY-LAPTOP

Administrator ASPNET cubstuff
Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini010212-01.dmp
C:\Windows\Minidump\Mini010212-02.dmp
C:\Windows\Minidump\Mini010212-03.dmp
C:\Windows\Minidump\Mini010212-04.dmp
C:\Windows\Minidump\Mini021610-01.dmp
C:\Windows\Minidump\Mini121111-01.dmp
C:\Windows\Minidump\Mini121111-02.dmp
C:\Windows\Minidump\Mini121111-03.dmp
C:\Windows\Minidump\Mini121211-01.dmp
C:\Windows\Minidump\Mini121711-01.dmp
C:\Windows\Minidump\Mini121711-02.dmp
C:\Windows\Minidump\Mini122011-01.dmp
C:\Windows\Minidump\Mini122011-02.dmp
C:\Windows\Minidump\Mini122311-01.dmp
C:\Windows\Minidump\Mini122311-02.dmp
C:\Windows\Minidump\Mini122311-03.dmp
C:\Windows\Minidump\Mini122411-01.dmp
C:\Windows\Minidump\Mini122711-01.dmp
C:\Windows\Minidump\Mini123111-01.dmp

**** End of log ****

#4 mhale

Posted 03 January 2012 - 07:31 AM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
cubstuff :: STACY-LAPTOP [administrator]

1/2/2012 7:31:09 PM
mbam-log-2012-01-02 (19-31-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194335
Time elapsed: 22 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\users\cubstuff\appdata\local\temp\low\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\cubstuff\SmileyCentral.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#5 mhale

Posted 03 January 2012 - 07:34 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-03 06:11:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: 3l9qymr9.exe; Driver: C:\Users\cubstuff\AppData\Local\Temp\kwdyrpog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82B80D48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82B80D72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82B80D5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82B80D34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82475982 5 Bytes JMP 82B80D38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8263B143 5 Bytes JMP 82B80D76 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8265A89A 7 Bytes JMP 82B80D4C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8265AB5D 5 Bytes JMP 82B80D62 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\drivers\auwmpdyg.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88353480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88394900, 0x3CA, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 014D001B
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 014D0000
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 014D0FC0
.text C:\Windows\system32\svchost.exe[1256] WS2_32.dll!socket 775A36D1 5 Bytes JMP 01530FEF
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 0152000A
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 01520036
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 0152001B
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 01520FE5
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00120000
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00120FDE
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000F0084
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 000F0073
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 75AE1BF3 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 000F0EF7
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000F0F08
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 000F003D
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 000F001B
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 000F0058
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 000F0F63
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 000F0F8A
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 000F002C
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 000F0FA5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 000F0F48
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000F0EDC
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 75B2B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 000F0F19
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00140FA6
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!system 7762804B 5 Bytes JMP 00140FB7
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00140FD2
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_open 7762D106 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00140027
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 0014000C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00110098
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00110058
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00110000
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 0011007D
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00110FDB
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0011002C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00110011
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00110047
.text C:\Windows\system32\svchost.exe[1400] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 0091001B
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 008F0F36
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 008F007C
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 008F00BC
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 008F0F25
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 008F0F80
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 008F0022
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 008F0FC7
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 008F006B
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 008F005A
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 008F0FA2
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 008F0F91
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 008F0033
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 008F0F65
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 008F0F0A
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 008F0011
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 008F00A1
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00DB0073
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!system 7762804B 5 Bytes JMP 00DB0062
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00DB002C
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_open 7762D106 5 Bytes JMP 00DB0000
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00DB0047
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00DB0011
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00900047
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00900FC0
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00900FA5
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00900062
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0090002C
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 0090001B
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00900FE5
.text C:\Windows\system32\svchost.exe[1464] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00930000
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00920FE5
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00920FB9
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00920FD4
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00920FA8
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00F9001B
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00F90FE5
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00F70F18
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00F70F29
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00F70EF3
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00F7008A
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00F70040
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00F70FD4
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00F70FB9
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00F70F3A
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00F70F72
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00F7002F
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00F70F83
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00F70FA8
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00F70F4B
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00F700A5
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileW 75B2B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00F7000A
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00F70079
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 028F0FEF
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!system 7762804B 5 Bytes JMP 028F007A
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 028F003A
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_open 7762D106 5 Bytes JMP 028F000C
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 028F0055
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 028F001D
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00F8002C
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00F80FA5
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00F80F8A
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00F80F65
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00F80FCA
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00F80FDB
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00F8001B
.text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!socket 775A36D1 5 Bytes JMP 02880FEF
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00FA0000
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00FA0FE5
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00FA0FCA
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1984] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 6D789AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1984] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 6D789A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[2368] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 000B0FEF
.text C:\Windows\System32\svchost.exe[2368] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 000B0FC3
.text C:\Windows\System32\svchost.exe[2368] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 000B0FDE
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000500A4
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00050089
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00050F25
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000500C6
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0005005D
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00050FCA
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00050FAF
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00050F68
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 0005004C
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 0005002F
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00050F9E
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 0005006E
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00050F14
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 000500B5
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 000D0F81
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!system 7762804B 5 Bytes JMP 000D0F9C
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 000D000C
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_open 7762D106 5 Bytes JMP 000D0FEF
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 000D0FAD
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 000D0FDE
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 000A0F7C
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 000A0F97
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 000A0FE5
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 000A001E
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 000A0039
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 000A0FC3
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 000A0FD4
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 000A0FA8
.text C:\Windows\Explorer.EXE[3328] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 02740000
.text C:\Windows\Explorer.EXE[3328] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 02740036
.text C:\Windows\Explorer.EXE[3328] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 02740011
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 02640F1C
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 02640062
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 02640EF0
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 02640087
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 02640F52
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 02640FE5
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 02640FCA
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 02640047
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 02640F6F
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 0264002C
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 02640F8A
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 02640FA5
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 02640F37
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 026400AC
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0264001B
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 02640000
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 02640F0B
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 02720039
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 02720FA8
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 02720FEF
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 02720F97
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 02720054
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0272000A
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 02720FDE
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 02720FB9
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 02780FBE
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!system 7762804B 5 Bytes JMP 02780FD9
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 0278002E
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_open 7762D106 5 Bytes JMP 0278000C
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 02780049
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 0278001D
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 02730000
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 0273001B
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 02730FE5
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 0273002C
.text C:\Windows\Explorer.EXE[3328] WS2_32.dll!socket 775A36D1 5 Bytes JMP 02750FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00880000
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00880FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00880011
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00020F30
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00020076
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00020F15
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000200AC
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0002005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0002001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00020FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00020F41
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00020F81
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00020FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00020F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00020036
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00020F66
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000200BD
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0002000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00020FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00020091
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00860065
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00860FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 0086000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00860FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00860076
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00860025
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00860FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00860040
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!EnableWindow 75F3CD8B 5 Bytes JMP 6A979A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxParamW 75F610B0 5 Bytes JMP 6A8D170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxIndirectParamW 75F62EF5 5 Bytes JMP 6AAC62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxParamA 75F78152 5 Bytes JMP 6AAC6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxIndirectParamA 75F7847D 5 Bytes JMP 6AAC6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxIndirectA 75F8D4D9 5 Bytes JMP 6AAC61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxIndirectW 75F8D5D3 5 Bytes JMP 6AAC6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxExA 75F8D639 5 Bytes JMP 6AAC6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxExW 75F8D65D 5 Bytes JMP 6AAC609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 009C004A
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!system 7762804B 5 Bytes JMP 009C0FB5
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 009C0011
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_open 7762D106 5 Bytes JMP 009C0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 009C0FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 009C0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00870000
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00870040
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 0087001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00870051
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WS2_32.dll!socket 775A36D1 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[4520] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[4520] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00330022
.text C:\Windows\system32\svchost.exe[4520] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00330011
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00020F5F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 000200A5
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00020F1F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000200B6
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0002008A
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0002002F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateNamedPipeW

#6 mhale

Posted 03 January 2012 - 07:35 AM

Bytes JMP 00020FDE
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00020F70
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00020FB2
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00020054
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 0002006F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00020FCD
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00020F95
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000200DB
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00020014
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00020FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00282CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00282CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01E02F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01E02D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01E02CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01E02CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00252F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00252D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00252CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00252CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [63B9BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [63B9E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [63B97F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [63B9F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [63B9F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [63B9B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [63B9ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63B91555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [63B90E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [63B860B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [63B87278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [63BA33C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [63B919CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [63B86692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [63B9BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [63B9F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [63B9F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [63BA072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [63B90ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [63B9EFD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [63B99229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [63B9E73F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [63B9ECFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [63B9C6B1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [63B85F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [63B9F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [63B9939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [63B86291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [63B9E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [63B9EE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [63B9DFBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [63B97BE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [63B97F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [63B8F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [63B9E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [63B9B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [63B9ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [63B9AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [63B9939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [63B85F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [63B99229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB33361$\3620296088 0 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\@ 2048 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\bckfg.tmp 863 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\keywords 199 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\L 0 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\L\ogejidap 66560 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U 0 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB33361$\3699975985 0 bytes
File C:\Windows\Temp\fla6426.tmp 1841281 bytes

---- EOF - GMER 1.0.15 ----

#7 Broni


Posted 03 January 2012 - 11:43 AM

We have quite a few issues there.
I need one more log from you for now.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#8 mhale


Posted 03 January 2012 - 08:34 PM

Broni- thanks again for your help. These scans are taking a little longer than I thought they would. McAfee has grabbed a couple of viruses while they ran - if that makes any diff.

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-03 17:44:25
-----------------------------
17:44:25.097 OS Version: Windows 6.0.6002 Service Pack 2
17:44:25.097 Number of processors: 2 586 0xF0D
17:44:25.099 ComputerName: STACY-LAPTOP UserName: cubstuff
17:44:29.578 Initialize success
17:46:29.750 AVAST engine defs: 12010301
17:47:01.049 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:47:01.055 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
17:47:01.259 Disk 0 MBR read successfully
17:47:01.301 Disk 0 MBR scan
17:47:01.693 Disk 0 Windows VISTA default MBR code
17:47:01.745 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:47:01.804 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 3074048
17:47:01.920 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 473264128
17:47:01.952 Disk 0 scanning sectors +488396800
17:47:02.897 Disk 0 scanning C:\Windows\system32\drivers
17:48:54.029 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot [Rtk]
17:49:26.643 Service scanning
17:49:31.964 Modules scanning
17:51:11.085 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
17:52:05.672 Disk 0 trace - called modules:
17:52:05.779 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87a50f10]<<
17:52:05.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865f0780]
17:52:05.793 3 CLASSPNP.SYS[881188b3] -> nt!IofCallDriver -> [0x878af920]
17:52:05.800 \Driver\00001252[0x86f08e10] -> IRP_MJ_CREATE -> 0x87a50f10
17:52:09.132 AVAST engine scan C:\Windows
17:54:30.441 AVAST engine scan C:\Windows\system32
18:14:14.014 AVAST engine scan C:\Windows\system32\drivers
18:15:20.438 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Aluroot [Rtk]
18:16:39.109 AVAST engine scan C:\Users\cubstuff
19:06:38.173 File: C:\Users\cubstuff\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\9c5f041-577cce5e **INFECTED** Win32:MalOb-IB [Cryp]
19:20:51.687 AVAST engine scan C:\ProgramData
19:27:46.291 Scan finished successfully
19:31:18.843 Disk 0 MBR has been saved successfully to "C:\Users\cubstuff\Desktop\MBR.dat"
19:31:18.911 The log file has been saved successfully to "C:\Users\cubstuff\Desktop\aswMBR.txt"

#9 Broni


Posted 03 January 2012 - 08:47 PM

You have more serious issues there.
Advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



 


#10 mhale


Posted 03 January 2012 - 08:54 PM

I ran the DDS yesterday before posting to this forum. Will that report and the GMER report above work? Or do I need to scan again?

#11 Broni


Posted 03 January 2012 - 08:58 PM

That will be fine for now.
They may ask you to re-run it later.



 


#12 mhale


Posted 03 January 2012 - 09:01 PM

Thanks for your help and patience.

#13 Broni


Posted 03 January 2012 - 09:04 PM

You're very welcome



 


#14 mhale


Posted 03 January 2012 - 09:53 PM

As requested, new topic started here- http://www.bleepingcomputer.com/forums/topic436107.html



