PUM.Bad.Proxy resurfacing after deletion


26 replies to this topic

#1 dampe


Posted 03 November 2014 - 11:45 PM

Hello there,

 

Recently I scanned with Malwarebytes and it reported this PUM. Even though I delete it, every time I connect to the internet it seems to come back. I have also scanned with McAfee and SuperAntiSpyware, but they do not report anything. Nothing on my machine is noticeably different since the infection, but I feel there are things going on under the hood that need to be fixed. I won't post any logs of scans until instructed to do so.

 

Thank you for the time and help.




 


#2 Alex&Vanko


Posted 04 November 2014 - 11:44 AM

Hi dampe and :welcome:

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

 

Thank you!



#3 dampe


Posted 05 November 2014 - 12:33 AM

Hello and thank you for the help. Here are the results...

 

 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.189  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 30 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Dampe (administrator) on 04-11-2014 at 22:25:35
Running from "C:\Users\Brendon\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
::1             localhost
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/04/2014 10:00:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 06:55:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 04:21:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 03:53:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 03:53:15 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/03/2014 02:05:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 02:02:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
Error: (11/03/2014 02:02:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode. 
The Volume Shadow Copy service cannot start while in safe mode.
If not in safe mode, make sure that EventSystem service is enabled.
CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]
 
Error: (11/03/2014 02:02:17 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070005
 
Error: (11/03/2014 02:02:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.
 
 
System errors:
=============
Error: (11/03/2014 09:28:42 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (11/03/2014 07:56:34 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because volume D:, which contains shadow copy storage for this shadow copy, was force dismounted.
 
Error: (11/03/2014 07:12:35 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name.  The server could not start.
 
Error: (11/03/2014 07:12:34 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 002268A74E91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
 
Error: (11/03/2014 06:53:22 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
Error: (11/03/2014 05:32:37 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because volume D:, which contains shadow copy storage for this shadow copy, was force dismounted.
 
Error: (11/03/2014 04:30:33 PM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer%%1053
 
Error: (11/03/2014 04:30:33 PM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (11/03/2014 04:30:33 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Modules Installer
 
Error: (11/03/2014 04:22:53 PM) (Source: DCOM) (User: )
Description: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
 
 
Microsoft Office Sessions:
=========================
Error: (11/04/2014 10:00:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 06:55:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 04:21:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 03:53:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 03:53:15 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/03/2014 02:05:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 02:02:17 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206
 
Error: (11/03/2014 02:02:17 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80040206
 
Error: (11/03/2014 02:02:17 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070005
 
Error: (11/03/2014 02:02:17 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-03 20:45:05.705
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:45:04.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:45:03.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:45:03.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:45:02.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:45:01.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:45:00.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:44:59.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:37:02.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-03 20:37:02.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 74%
Total physical RAM: 2037.71 MB
Available physical RAM: 522.86 MB
Total Pagefile: 4312.67 MB
Available Pagefile: 2831.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.53 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:139.24 GB) (Free:75.58 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.71 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DAMPE
 
Administrator            Brendon                  Dampe                    
Guest                    
 
 
**** End of log ****
 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Dampe (administrator) on 04-11-2014 at 22:31:00
Running from "C:\Users\Brendon\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#4 Alex&Vanko


Posted 05 November 2014 - 03:15 PM

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

Download Malwarebytes' Anti-Malware Free HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

    Be sure to restart the computer if requested.

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Thank you!



#5 dampe


Posted 05 November 2014 - 09:01 PM

Thank you. Here are the results...
 
# AdwCleaner v3.311 - Report created 05/11/2014 at 14:30:45
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Dampe - DAMPE
# Running from : C:\Users\Brendon\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\Brendon\AppData\Roaming\NCH Software
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16584
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Users\Brendon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Dampe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1423 octets] - [05/11/2014 14:27:15]
AdwCleaner[S0].txt - [1360 octets] - [05/11/2014 14:30:45]
 
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1420 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Dampe on Wed 11/05/2014 at 14:46:12.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/05/2014 at 14:49:49.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/5/2014
Scan Time: 3:23:26 PM
Logfile: scan.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.04.01
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Dampe
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339230
Time Elapsed: 20 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:47392, Quarantined, [b8e367cfa8d46fc7e892dd2bb64e26da]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=87894155bce9504ebc70033d230f2812
# engine=20948
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-06 01:00:26
# local_time=2014-11-05 06:00:26 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5122 16777214 66 93 0 177091804 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776638 100 100 0 251843154 0 0
# scanned=231509
# found=0
# cleaned=0
# scan_time=7438
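
Added example, not part of the original thread and not code from Malwarebytes or any poster: the one item in the Malwarebytes log above is a ProxyServer value pointing at a loopback port, stored under a hive keyed by S-1-5-18 (the LocalSystem SID). The Python below parses that entry and reports which account's settings are affected and whether the proxy is local; the entry layout is an assumption inferred from the single line in the log, and the second sample line is constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Entry exactly as posted in the thread's Malwarebytes log ("Registry Values: 1").
PAGE_LINE = (
    r"PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0"
    r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, "
    r"http=127.0.0.1:47392, Quarantined, [b8e367cfa8d46fc7e892dd2bb64e26da]"
)
# Constructed contrast case: remote proxy in a per-user hive (SID, host, id made up).
CONSTRUCTED_LINE = (
    r"PUM.Bad.Proxy, HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
    r"\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, "
    r"proxy.example.test:8080, Quarantined, [00000000000000000000000000000000]"
)

# Assumed layout: <detection>, <key>|<value name>, <data>, <action>, [<item id>]
ENTRY_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<key>.+?)\|(?P<value>[^,|]+), "
    r"(?P<data>.*), (?P<action>[^,\[]+), \[(?P<item_id>[0-9a-fA-F]+)\]\s*$"
)
SID_RE = re.compile(r"S-1(?:-\d+)+")
WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}


@dataclass
class Finding:
    detection: str
    account: str
    value_name: str
    endpoints: dict       # scheme -> (host, port)
    loopback_ports: list
    action: str


def account_for(key):
    """Name the account whose hive the key belongs to, from the SID in the path."""
    m = SID_RE.search(key)
    if not m:
        return key.split("\\", 1)[0]          # e.g. HKLM or HKCU
    sid = m.group(0)
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    if sid.startswith("S-1-5-21-"):
        return "user or domain account, RID " + sid.rsplit("-", 1)[1]
    return sid


def parse_proxy_server(data):
    """Parse a WinINET ProxyServer string: 'host:port' or 'scheme=host:port;...'."""
    endpoints = {}
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:                           # one proxy for every protocol
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]
        host, _, port = endpoint.rpartition(":")
        if not host:                          # no port given
            host, port = endpoint, ""
        endpoints[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def is_loopback(host):
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                          # a hostname, not an IP literal


def triage(line):
    """Return a Finding for a registry-value entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    is_proxy = m["value"].lower() == "proxyserver"
    endpoints = parse_proxy_server(m["data"]) if is_proxy else {}
    ports = sorted({p for h, p in endpoints.values() if p and is_loopback(h)})
    return Finding(m["name"], account_for(m["key"]), m["value"],
                   endpoints, ports, m["action"].strip())


def next_check(f):
    """Suggest the follow-up a responder would run for this finding."""
    if f.loopback_ports:
        ports = ", ".join(str(p) for p in f.loopback_ports)
        return (f"{f.account}: proxy points at this machine; identify the process "
                f"listening on loopback port {ports} (netstat -ano lists the PID)")
    return f"{f.account}: confirm the configured proxy is one the owner set up"


if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(next_check(triage(sample)))
```

A value that returns after quarantine, as reported in this thread, is consistent with whatever writes it still being present, so the listener on that port is the thing to identify.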
 


#6 Alex&Vanko


Posted 06 November 2014 - 01:25 PM

Download Delfix by Xplode HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

Download HitmanPro x86 HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!
 


Edited by Alex&Vanko, 06 November 2014 - 01:33 PM.


#7 dampe


Posted 06 November 2014 - 04:32 PM

Here are the results from the Hitman Pro scan...

 

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : DAMPE
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : DAMPE\Dampe
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-11-06 14:07:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 9m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 26
 
   Objects scanned . . . : 2,146,399
   Files scanned . . . . : 51,466
   Remnants scanned  . . : 360,710 files / 1,734,223 keys
 
Suspicious files ____________________________________________________________
 
   C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1000\$RZ8E0MC.exe
      Size . . . . . . . : 1,106,432 bytes
      Age  . . . . . . . : 2.9 days (2014-11-03 17:18:11)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 9A26A4A17046CAE88FD85538EC4A66D7D10037073B7828EEE4E852407E4AF98D
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -11.1s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_00007b
         -10.5s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_00007c
         -9.9s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_00007d
         -9.8s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_00007e
         -9.2s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_00007f
         -9.2s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000080
         -9.1s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000081
         -9.0s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000082
         -8.8s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000083
         -8.5s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000084
         -8.2s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000085
         -3.6s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000086
         -3.4s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1001\$R7V5B4W\Chrome\User Data\Default\Cache\f_000087
          0.0s C:\$RECYCLE.BIN\S-1-5-21-1667175668-579005969-470213513-1000\$RZ8E0MC.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\Brendon\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
 
Cookies _____________________________________________________________________
 
 
 


#8 Alex&Vanko


Posted 06 November 2014 - 05:00 PM

OK, take action in order to remove them. Say what the situation is.

 

Thank you!



#9 Alex&Vanko


Posted 06 November 2014 - 05:18 PM

Do you have an SSD or a hard disk?



#10 dampe


Posted 06 November 2014 - 10:45 PM

Thank you for the help so far. All the above scanners have been run, but MBAM is still reporting the PUM.Bad.Proxy. Seems to only reappear after being connected to the internet for a little while.

 

Also I believe I have just a regular hard disk drive. Samsung HM160HI drive is installed.

 

Here is the latest mbam log if it helps...
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/6/2014
Scan Time: 5:42:45 PM
Logfile: 11_6_14_mbam.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.06.10
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Dampe
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339760
Time Elapsed: 21 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:47392, Quarantined, [3b6077bfb4c8d363113038d4e123db25]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 Alex&Vanko


Posted 07 November 2014 - 01:27 PM

In Internet Explorer go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:47392 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

Click the Chrome menu on the browser toolbar - Select Settings - Click Show advanced settings. In the "Network" section, click Change proxy settings. This will open the Internet Properties dialog. Click LAN settings and do the same.

 

Please download TFC.exe by Oldtimer HERE
* Save and close all running applications
* Double-click on TFC.exe to run the program
* Click on Start to begin the cleaning process
* Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
* When the scan is complete, if you were not asked to reboot the computer, please do so now

 

Thank you!



#12 dampe


Posted 08 November 2014 - 03:02 AM

In the LAN settings there was no reference to 127.0.0.1:47392 and "Use proxy Server" was not checked. "Automatically detect settings" was not checked either, so I checked that on.

 

TFC has been run.

 

So far so good, Mbam has not reported the PUM again, but it usually takes a little while after getting rid of it to come back, so I will keep an eye on things and do another scan soon.

 

Thank you.
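The MBAM entry in post #10 sits under HKU\S-1-5-18, the LocalSystem hive (also exposed as HKU\.DEFAULT), while the Internet Options LAN settings dialog edits the logged-on user's own hive, so a proxy value can be flagged there without appearing in the dialog. The following Python triage of the two log formats quoted in this thread is an added example, not part of any post; the function names and the third sample line are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Service-account hives under HKEY_USERS. ".DEFAULT" is an alias for the
# LocalSystem hive (S-1-5-18); it is not a template for new user profiles.
SERVICE_HIVES = {
    ".DEFAULT": "LocalSystem",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

SAMPLE_LINES = [
    # MBAM format, copied from the log in post #10.
    r"PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:47392, Quarantined, [3b6077bfb4c8d363113038d4e123db25]",
    # RogueKiller format, copied from the report posted later in this thread.
    r"[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:47392  -> Found",
    # Constructed line (not from the thread): a remote proxy in a user hive.
    r"[PUM.Proxy] HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=proxy.example.test:8080;https=proxy.example.test:8443  -> Found",
    # Copied from the RogueKiller report: not a proxy entry, must be ignored.
    r"[PUM.HomePage] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.msn.com  -> Found",
]

# Hive name (SID or .DEFAULT) followed by the Internet Settings ProxyServer value.
# MBAM separates name and data with ", "; RogueKiller uses " : ".
LINE_RE = re.compile(
    r"(?:HKU|HKEY_USERS)\\(?P<hive>\.DEFAULT|S-1-5-\d+(?:-\d+)*)"
    r".*?Internet Settings\s*\|\s*ProxyServer\s*[,:]\s*(?P<value>[^\s,]+)",
    re.IGNORECASE,
)


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Two forms exist: "host:port" (one proxy for every protocol, stored here
    under the key "all") and "http=host:port;https=host:port" (per protocol).
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        hostport = hostport.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = hostport.rpartition(":")
        if not host:  # no port present
            host, port = hostport, ""
        entries[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1 (brackets allowed)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def triage(line):
    """Return a summary dict for a proxy log line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    hive = m.group("hive").upper()
    account = SERVICE_HIVES.get(hive, "interactive user")
    proxies = parse_proxy_server(m.group("value"))
    loopback = sorted(s for s, (h, _) in proxies.items() if is_loopback(h))
    return {
        "hive": hive,
        "account": account,
        # True: the value lives in a service-account hive, not a user's HKCU.
        "service_hive": hive in SERVICE_HIVES,
        "proxies": proxies,
        # Schemes pointed at this machine: a local listener is expected there.
        "loopback_schemes": loopback,
    }


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage(sample))
```

For a line flagged with both `service_hive` and a loopback scheme, `netstat -ano` on the affected machine shows which process ID, if any, is listening on the reported port.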



#13 Alex&Vanko


Posted 08 November 2014 - 09:02 AM

http://dl5.oo-software.com/files/oodefragfree/OODefragFree32Enu.exe

Download and install O&O Defrag free. Click your drive C: in the main window. Above, click the Down Arrow on the Start button and select Optimize.

 

Thank you!



#14 Alex&Vanko


Posted 08 November 2014 - 09:35 AM

Do defragment and try this:

Download & SAVE to your Desktop RogueKiller x86 HERE

* Quit all programs that you may have started.
* Please disconnect any external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator" to start.
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then click on the "Scan" button.
* Wait until the Status box shows "Scan Finished".
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
* Exit/Close RogueKiller
 

Thank you!



#15 dampe


Posted 10 November 2014 - 03:32 AM

Sorry for the delay. I have done the defrag and here is the report for rogue killer. It is kinda long...

 

 

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Dampe [Administrator]
Mode : Scan -- Date : 11/10/2014  01:26:04
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:47392  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:47392  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.msn.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_65E2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_65E2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1667175668-579005969-470213513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 619 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\Afc @ Unknown (\SystemRoot\system32\drivers\Afc.sys)
[IAT:Inl] (explorer.exe @ ATL.DLL) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ NETAPI32.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ NETAPI32.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ NETAPI32.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ NETAPI32.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ OLEACC.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x7a0565 (jmp 0xffffffff891c7db8)
[IAT:Inl] (explorer.exe @ OLEACC.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ OLEACC.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ OLEACC.dll) KERNEL32.dll - ReadProcessMemory : Unknown @ 0x7e00ee (jmp 0xffffffff8937e479)
[IAT:Inl] (explorer.exe @ OLEACC.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ OLEACC.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ OLEACC.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ OLEACC.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ WINBRAND.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ ACTXPRXY.DLL) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ USERENV.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ USERENV.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ USERENV.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ wmpband.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ wmpband.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ wmpband.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ wmpband.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ wmpband.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ MPR.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ MPR.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ MPR.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ msutb.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ msutb.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WTSAPI32.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ WTSAPI32.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ SAMLIB.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ SAMLIB.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ msshsq.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ msshsq.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ msshsq.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ NaturalLanguage6.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ NaturalLanguage6.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ authui.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ authui.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ authui.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ authui.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ authui.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ LINKINFO.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ LINKINFO.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ urlmon.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ urlmon.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x7e0000 (jmp 0xffffffff8937e3d8)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ urlmon.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x7e0682 (jmp 0xffffffff8a760bf2)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ WININET.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ WININET.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WININET.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ WININET.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ WININET.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ NTMARTA.DLL) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ NTMARTA.DLL) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ NTMARTA.DLL) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ NTMARTA.DLL) ntdll.dll - NtSetSecurityObject : Unknown @ 0x7a0477 (jmp 0xffffffff88d8b233)
[IAT:Inl] (explorer.exe @ WLDAP32.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ WLDAP32.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WLDAP32.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ WLDAP32.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - WinExec : Unknown @ 0x7a0dc3 (jmp 0xffffffff892aa5f9)
[IAT:Inl] (explorer.exe @ ieframe.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ ieframe.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x7a0565 (jmp 0xffffffff891c7db8)
[IAT:Inl] (explorer.exe @ ieframe.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ ntlanman.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ ntlanman.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ntlanman.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ davclnt.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ davclnt.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ davclnt.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ ExplorerFrame.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ExplorerFrame.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ WINTRUST.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ WINTRUST.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ WINTRUST.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WINTRUST.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ imagehlp.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ imagehlp.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ imagehlp.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ imagehlp.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ WINSPOOL.DRV) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WINSPOOL.DRV) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ WINSPOOL.DRV) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ WINSPOOL.DRV) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ WINSPOOL.DRV) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ WINSPOOL.DRV) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ McRtMui.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ McRtMui.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ McRtMui.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ McRtMui.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ McRtMui.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ LangSel.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ LangSel.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ LangSel.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ LangSel.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ ntshrui.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ ntshrui.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ ntshrui.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ ntshrui.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ntshrui.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ ntshrui.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ msiltcfg.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ msiltcfg.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ msi.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ msi.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ msi.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ msi.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ msi.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ stobject.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ stobject.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ stobject.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ stobject.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ stobject.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ stobject.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ stobject.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ BatMeter.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ BatMeter.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ BatMeter.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ WINSTA.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ WINSTA.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WINSTA.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ es.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ es.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ es.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ SndVolSSO.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ SndVolSSO.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ SndVolSSO.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ SndVolSSO.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ MMDevApi.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ MMDevApi.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ MMDevApi.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ ehSSO.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ehSSO.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ ehSSO.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ ehSSO.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x7a0a82 (jmp 0xffffffff8933f0b9)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ netshell.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ netshell.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ netshell.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ netshell.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ nlaapi.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ pnidui.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ pnidui.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ pnidui.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ pnidui.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ pnidui.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ pnidui.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ QUtil.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ FirewallAPI.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ FirewallAPI.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ FirewallAPI.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ FirewallAPI.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ FirewallAPI.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ FunDisc.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ FunDisc.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ fdproxy.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ OneX.DLL) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ OneX.DLL) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ OneX.DLL) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ OneX.DLL) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ eappprxy.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ eappcfg.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ eappcfg.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ eappcfg.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ bcrypt.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ bcrypt.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ bcrypt.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ AltTab.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ PortableDeviceTypes.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ PortableDeviceTypes.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ PortableDeviceApi.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ PortableDeviceApi.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ PortableDeviceApi.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ PortableDeviceApi.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ pihook.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x7a0a82 (jmp 0xffffffff8933f0b9)
[IAT:Inl] (explorer.exe @ pihook.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ pihook.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ pihook.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ mssprxy.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ srchadmin.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ srchadmin.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ srchadmin.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ SyncCenter.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ SyncCenter.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ SyncCenter.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ wscntfy.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ QAgent.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ QAgent.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ fwpuclnt.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ fwpuclnt.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ fwpuclnt.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ wbemprox.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ wbemcomn.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ wbemcomn.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ wbemcomn.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ wbemcomn.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ wbemsvc.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ SXS.DLL) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ SXS.DLL) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ SXS.DLL) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ SXS.DLL) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ fastprox.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ fastprox.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ fastprox.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ NTDSAPI.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ NTDSAPI.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ NTDSAPI.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ bthprops.cpl) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ bthprops.cpl) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ bthprops.cpl) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ bthprops.cpl) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ MLANG.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ MLANG.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ MLANG.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x7e0000 (jmp 0xffffffff8937e3d8)
[IAT:Inl] (explorer.exe @ MLANG.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ MLANG.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ Cabinet.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ mbamext.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ mbamext.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ mbamext.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ mbamext.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ MCCTXM~1.DLL) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ MCCTXM~1.DLL) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ MCCTXM~1.DLL) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ MCCTXM~1.DLL) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ mcctxmnu.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ shredext.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ shredext.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ shredext.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ shredext.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ shredext.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ shredext.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ shredext.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ shrcore.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ shrcore.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ shrcore.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ mccoreps.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ mccoreps.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ mccoreps.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ mccoreps.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x7a0a82 (jmp 0xffffffff8933f0b9)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ mfevtpa.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ sfc.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ sfc.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ mfehida.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x7a0a82 (jmp 0xffffffff8933f0b9)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ shredshm.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ shredshm.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ shredshm.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ shredshm.dll) RPCRT4.dll - NdrStubCall2 : Unknown @ 0x7a08a6 (jmp 0xffffffff88e3f92e)
[IAT:Inl] (explorer.exe @ syncui.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ syncui.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ syncui.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ SYNCENG.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ SYNCENG.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ContextMenu.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ ContextMenu.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ ContextMenu.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ ContextMenu.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ ContextMenu.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ mfc90u.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ mfc90u.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ mfc90u.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ mfc90u.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ mfc90u.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ mfc90u.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ mfc90u.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x7a0565 (jmp 0xffffffff891c7db8)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - CreateProcessA : Unknown @ 0x7e0000 (jmp 0xffffffff8937e3d8)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x7a0a82 (jmp 0xffffffff8933f0b9)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - PeekNamedPipe : Unknown @ 0x7a0994 (jmp 0xffffffff892ab71e)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - CreatePipe : Unknown @ 0x7a0a0b (jmp 0xffffffff89317a0d)
[IAT:Inl] (explorer.exe @ MSVCR90.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ NLSData0009.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ NLSData0009.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ McPvNs.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - VirtualProtect : Unknown @ 0x7a0e3a (jmp 0xffffffff8933f077)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - CreateProcessW : Unknown @ 0x7a0be7 (jmp 0xffffffff8933eff4)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - PeekNamedPipe : Unknown @ 0x7a0994 (jmp 0xffffffff892ab71e)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ McPvNs.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ McPvNs.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x7a0565 (jmp 0xffffffff891c7db8)
[IAT:Inl] (explorer.exe @ McPvNs.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ McPvNs.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ WINMM.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ WINMM.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ WINMM.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ dadkeyb.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ dadkeyb.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ dadkeyb.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x7a0a82 (jmp 0xffffffff8933f0b9)
[IAT:Inl] (explorer.exe @ dadkeyb.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ dadkeyb.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ thumbcache.dll) KERNEL32.dll - OpenProcess : Unknown @ 0x7e0077 (jmp 0xffffffff89338b28)
[IAT:Inl] (explorer.exe @ thumbcache.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ thumbcache.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ thumbcache.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ thumbcache.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ FunctionDiscoveryFolder.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ FunctionDiscoveryFolder.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ FunctionDiscoveryFolder.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - LoadLibraryA : Unknown @ 0x7e03b8 (jmp 0xffffffff89356d44)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - PeekNamedPipe : Unknown @ 0x7a0994 (jmp 0xffffffff892ab71e)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - HeapCreate : Unknown @ 0x7e01dc (jmp 0xffffffff89356339)
[IAT:Inl] (explorer.exe @ tquery.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ tquery.dll) USER32.dll - LoadImageW : Unknown @ 0x7a06ca (jmp 0xffffffff891c3ce5)
[IAT:Inl] (explorer.exe @ tquery.dll) ole32.dll - CoGetClassObject : Unknown @ 0x7a0653 (jmp 0xffffffff89f70b6b)
[IAT:Inl] (explorer.exe @ zipfldr.dll) KERNEL32.dll - FindNextFileW : Unknown @ 0x7a07b8 (jmp 0xffffffff89314eaa)
[IAT:Inl] (explorer.exe @ zipfldr.dll) KERNEL32.dll - CreateFileA : Unknown @ 0x7a091d (jmp 0xffffffff892f37de)
[IAT:Inl] (explorer.exe @ zipfldr.dll) KERNEL32.dll - GetProcAddress : Unknown @ 0x7a0af9 (jmp 0xffffffff892f77d6)
[IAT:Inl] (explorer.exe @ zipfldr.dll) KERNEL32.dll - LoadLibraryW : Unknown @ 0x7a0b70 (jmp 0xffffffff89317678)
[IAT:Inl] (explorer.exe @ zipfldr.dll) SHELL32.dll - ShellExecuteExW : Unknown @ 0x7a0741 (jmp 0xffffffff89df46c4)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM160HI +++++
--- User ---
[MBR] 0e6ce10efc52a63b4746d16556b770bb
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 10000 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20561920 | Size: 142586 MB
User = LL1 ... OK
User = LL2 ... OK




