GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-13 15:11:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500AAKX-753CA1 rev.19.01H19 232,89GB Running: gmer.exe; Driver: C:\Users\DG_OCH~1\AppData\Local\Temp\fwdyapog.sys ---- User code sections - GMER 2.2 ---- .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076681401 2 bytes JMP 762eb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076681419 2 bytes JMP 762eb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076681431 2 bytes JMP 76369149 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007668144a 2 bytes CALL 762c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766814dd 2 bytes JMP 76368a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766814f5 2 bytes JMP 76368c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007668150d 2 bytes JMP 76368938 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076681525 2 bytes JMP 76368d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007668153d 2 bytes JMP 762dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076681555 2 bytes JMP 762e6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007668156d 2 bytes JMP 76369201 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076681585 2 bytes JMP 76368d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007668159d 2 bytes JMP 763688fc C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766815b5 2 bytes JMP 762dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766815cd 2 bytes JMP 762eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766816b2 2 bytes JMP 763690c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766816bd 2 bytes JMP 76368891 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076681401 2 bytes JMP 762eb233 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076681419 2 bytes JMP 762eb35e C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076681431 2 bytes JMP 76369149 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007668144a 2 bytes CALL 762c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766814dd 2 bytes JMP 76368a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766814f5 2 bytes JMP 76368c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007668150d 2 bytes JMP 76368938 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076681525 2 bytes JMP 76368d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007668153d 2 bytes JMP 762dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076681555 2 bytes JMP 762e6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007668156d 2 bytes JMP 76369201 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076681585 2 bytes JMP 76368d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007668159d 2 bytes JMP 763688fc C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766815b5 2 bytes JMP 762dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766815cd 2 bytes JMP 762eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766816b2 2 bytes JMP 763690c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\DG_Ochota\AppData\Roaming\uTorrent\uTorrent.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766816bd 2 bytes JMP 76368891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076681401 2 bytes JMP 762eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076681419 2 bytes JMP 762eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076681431 2 bytes JMP 76369149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007668144a 2 bytes CALL 762c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766814dd 2 bytes JMP 76368a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766814f5 2 bytes JMP 76368c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007668150d 2 bytes JMP 76368938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076681525 2 bytes JMP 76368d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007668153d 2 bytes JMP 762dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076681555 2 bytes JMP 762e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007668156d 2 bytes JMP 76369201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076681585 2 bytes JMP 76368d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007668159d 2 bytes JMP 763688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766815b5 2 bytes JMP 762dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766815cd 2 bytes JMP 762eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766816b2 2 bytes JMP 763690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766816bd 2 bytes JMP 76368891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076681401 2 bytes JMP 762eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076681419 2 bytes JMP 762eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076681431 2 bytes JMP 76369149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007668144a 2 bytes CALL 762c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766814dd 2 bytes JMP 76368a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766814f5 2 bytes JMP 76368c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007668150d 2 bytes JMP 76368938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076681525 2 bytes JMP 76368d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007668153d 2 bytes JMP 762dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076681555 2 bytes JMP 762e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007668156d 2 bytes JMP 76369201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076681585 2 bytes JMP 76368d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007668159d 2 bytes JMP 763688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766815b5 2 bytes JMP 762dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766815cd 2 bytes JMP 762eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766816b2 2 bytes JMP 763690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766816bd 2 bytes JMP 76368891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076681401 2 bytes JMP 762eb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076681419 2 bytes JMP 762eb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076681431 2 bytes JMP 76369149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007668144a 2 bytes CALL 762c4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766814dd 2 bytes JMP 76368a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766814f5 2 bytes JMP 76368c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007668150d 2 bytes JMP 76368938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076681525 2 bytes JMP 76368d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007668153d 2 bytes JMP 762dfcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076681555 2 bytes JMP 762e6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007668156d 2 bytes JMP 76369201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076681585 2 bytes JMP 76368d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007668159d 2 bytes JMP 763688fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766815b5 2 bytes JMP 762dfd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766815cd 2 bytes JMP 762eb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766816b2 2 bytes JMP 763690c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766816bd 2 bytes JMP 76368891 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\Explorer.EXE[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!CreateProcessAsUserW] [7fefd1d5c61] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Users\DG_Ochota\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Users\DG_Ochota\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\MSVCR120.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Users\DG_Ochota\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\MSVCR120.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\System32\ieframe.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\System32\wer.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!CreateProcessAsUserW] [7fefd1d5c61] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\stobject.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\es.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\System32\pnidui.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\FXSAPI.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\System32\werconcpl.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\prnntfy.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\MSVCR100.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\MSVCR100.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\Explorer.EXE[1916] @ C:\Windows\system32\WinSATAPI.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Program Files\Internet Explorer\IEXPLORE.EXE[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Program Files\Internet Explorer\IEXPLORE.EXE[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\shell32.DLL[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\shell32.DLL[USER32.dll!GetClipboardData] [76f9150f] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fee4300750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fee43261b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!InternetWriteFile] [7fefe682e7f] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!HttpSendRequestW] [7fefe682edf] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!InternetReadFileExW] [7fefe682eaf] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!InternetReadFile] [7fefe682e67] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!InternetQueryDataAvailable] [7fefe682f27] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!InternetSetStatusCallbackA] [33fdf0] IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!HttpQueryInfoA] [7fefe682f3f] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!HttpAddRequestHeadersW] [7fefe682f0f] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!HttpQueryInfoW] [7fefe682ef7] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\urlmon.dll[WININET.dll!InternetConnectW] [7fefe682e4f] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ole32.DLL[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ole32.DLL[USER32.dll!GetClipboardData] [76f9150f] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ole32.DLL[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ole32.DLL[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ole32.DLL[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieui.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieui.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[USER32.dll!GetClipboardData] [76f9150f] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieframe.dll[USER32.dll!MessageBoxIndirectW] [7fee4300750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!GetClipboardData] [76f9150f] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee43260d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\mshtml.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\mshtml.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\mshtml.dll[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\mshtml.dll[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\mshtml.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[WININET.dll!InternetConnectW] [7fefe682e4f] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[WININET.dll!HttpSendRequestW] [7fefe682edf] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[WININET.dll!HttpQueryInfoW] [7fefe682ef7] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\inetcpl.cpl[WININET.dll!InternetReadFile] [7fefe682e67] C:\Windows\system32\WININET.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CRYPTUI.dll[USER32.dll!MessageBoxExW] [7fee43265d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CRYPTUI.dll[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CRYPTUI.dll[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CRYPTUI.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CRYPTUI.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee43260d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fee4326840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\comdlg32.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fee4326f30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fee43262b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!CreateProcessAsUserW] [7fefd1d5c61] C:\Windows\system32\advapi32.DLL IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\oleacc.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\explorerframe.dll[USER32.dll!GetClipboardData] [76f9150f] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\explorerframe.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\DUser.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fee42eef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\DUI70.dll[USER32.dll!TranslateMessage] [76f91527] C:\Windows\system32\USER32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[200] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fee42e1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!CreateProcessAsUserW] [7fefd1d5c61] C:\Windows\system32\advapi32.DLL IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateProcessA] [76e8bf39] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Users\DG_Ochota\Downloads\FRST64.exe[3604] @ C:\Windows\System32\wer.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\notepad.exe[4948] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\notepad.exe[4948] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\notepad.exe[3596] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\notepad.exe[3596] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\notepad.exe[4444] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\notepad.exe[4444] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!CreateProcessW] [76e8bf51] C:\Windows\system32\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\Explorer.EXE [1916:2996] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3000] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3004] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3008] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3012] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3016] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3020] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3040] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3044] 00000000069c5ec3 Thread C:\Windows\Explorer.EXE [1916:3048] 00000000069c5ec3 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:4192] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:4008] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:4452] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:2844] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:3268] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:2856] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:4616] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:1408] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:4852] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:3780] 0000000000122423 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [200:4164] 0000000000122423 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4332] 00000000002502c0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:2240] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4324] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4836] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4560] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4800] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4196] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4264] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:5000] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:4968] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:5108] 000000000025c34e Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4784:3808] 000000000025c34e Thread C:\Windows\system32\notepad.exe [4948:2684] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [4948:284] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [4948:1688] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [4948:4796] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [4948:1428] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [4948:720] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [4948:2092] 00000000020022d3 Thread C:\Windows\system32\notepad.exe [3596:2892] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [3596:4364] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [3596:4500] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [3596:4508] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [3596:3504] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [3596:4904] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [3596:4308] 00000000001d2263 Thread C:\Windows\system32\notepad.exe [4444:2952] 00000000001624f3 Thread C:\Windows\system32\notepad.exe [4444:4180] 00000000001624f3 Thread C:\Windows\system32\notepad.exe [4444:2264] 00000000001624f3 Thread C:\Windows\system32\notepad.exe [4444:4896] 00000000001624f3 Thread C:\Windows\system32\notepad.exe [4444:1252] 00000000001624f3 Thread C:\Windows\system32\notepad.exe [4444:3276] 00000000001624f3 Thread C:\Windows\system32\notepad.exe [4444:4624] 00000000001624f3 ---- EOF - GMER 2.2 ----