GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-03 15:55:45 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0 Running: r5gxdeop.exe; Driver: C:\Users\Michal\AppData\Local\Temp\fxldrpob.sys ---- System - GMER 1.0.15 ---- SSDT 99E4A410 ZwAlertResumeThread SSDT 99E4A4F0 ZwAlertThread SSDT 874F2E00 ZwAllocateVirtualMemory SSDT 883FF3A0 ZwConnectPort SSDT 99E4A170 ZwCreateMutant SSDT 943FC260 ZwCreateThread SSDT 99E31CA8 ZwFreeVirtualMemory SSDT 99E4A250 ZwImpersonateAnonymousToken SSDT 99E4A330 ZwImpersonateThread SSDT 99E4ADC0 ZwMapViewOfSection SSDT 99E4A090 ZwOpenEvent SSDT 943F0A80 ZwOpenProcessToken SSDT 99E4AB80 ZwOpenThreadToken SSDT 8838AA58 ZwResumeThread SSDT 99E4AAC0 ZwSetContextThread SSDT 99E4AC40 ZwSetInformationProcess SSDT 99E4A9E0 ZwSetInformationThread SSDT 99E42F70 ZwSuspendProcess SSDT 99E4A638 ZwSuspendThread SSDT 943FF428 ZwTerminateProcess SSDT 99E4A900 ZwTerminateThread SSDT 99E4AD00 ZwUnmapViewOfSection SSDT 943FE468 ZwWriteVirtualMemory INT 0x52 ? 86D83F00 INT 0x52 ? 86D83F00 INT 0x52 ? 86D83F00 INT 0x62 ? 86D83F00 INT 0x72 ? 86D83F00 INT 0x72 ? 86D83F00 INT 0x72 ? 86D83F00 INT 0x72 ? 86D83F00 INT 0x92 ? 84A93BF8 INT 0xB2 ? 85423BF8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 11D 824AF8A0 8 Bytes [10, A4, E4, 99, F0, A4, E4, ...] {ADC [ESP-0x1b5b0f67], AH; CDQ } .text ntkrnlpa.exe!KeSetEvent + 131 824AF8B4 4 Bytes [00, 2E, 4F, 87] .text ntkrnlpa.exe!KeSetEvent + 1C1 824AF944 4 Bytes [A0, F3, 3F, 88] .text ntkrnlpa.exe!KeSetEvent + 1F5 824AF978 4 Bytes [70, A1, E4, 99] {JO 0xffffffffffffffa3; IN AL, 0x99} .text ntkrnlpa.exe!KeSetEvent + 221 824AF9A4 4 Bytes [60, C2, 3F, 94] {PUSHA ; RET 0x943f} .text ... ? System32\Drivers\spkl.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 8CF2841B 5 Bytes JMP 86D834E0 .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xAE509400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE5AD620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE5AD620] .protect˙˙˙˙hardlockunknown last code section [0xAE5AD400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xAE5AD400, 0x5126, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- ? C:\Windows\system32\services.exe[736] C:\Windows\system32\services.exe Nie można odnaleźć określonego pliku. .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] kernel32.dll!CreateThread 75C6C90E 5 Bytes JMP 68B57133 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateDialogParamW 75F372A2 5 Bytes JMP 68CE5C79 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!GetAsyncKeyState 75F3863C 2 Bytes JMP 68B3DC09 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!GetAsyncKeyState + 3 75F3863F 2 Bytes [C0, F2] .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!SetWindowsHookExW 75F387AD 5 Bytes JMP 68B91FE4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CallNextHookEx 75F38E3B 5 Bytes JMP 68BB7AEF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!UnhookWindowsHookEx 75F398DB 5 Bytes JMP 68BDEB70 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!EnableWindow 75F3CD8B 5 Bytes JMP 68B99884 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!DefWindowProcA 75F3DB88 7 Bytes JMP 68B59345 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateWindowExA 75F3DC2A 2 Bytes JMP 68B63173 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateWindowExA + 3 75F3DC2D 2 Bytes [C2, F2] .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateWindowExW 75F41305 5 Bytes JMP 68BBFF57 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!GetKeyState 75F48CB1 5 Bytes JMP 68B3DAE3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!DefWindowProcW 75F503B4 7 Bytes JMP 68BB7B52 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!IsDialogMessageW 75F50745 5 Bytes JMP 68CE6406 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateDialogParamA 75F517AA 5 Bytes JMP 68CE5C41 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!IsDialogMessage 75F51847 5 Bytes JMP 68CE63DE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateDialogIndirectParamA 75F526F1 5 Bytes JMP 68CE5CB1 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!CreateDialogIndirectParamW 75F59A62 5 Bytes JMP 68CE5CE9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!SetKeyboardState 75F60987 5 Bytes JMP 68CE6CCD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!DialogBoxParamW 75F610B0 5 Bytes JMP 68AF15BB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!DialogBoxIndirectParamW 75F62EF5 5 Bytes JMP 68CE590F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!SendInput 75F62F75 5 Bytes JMP 68CE6C75 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!EndDialog 75F6326E 5 Bytes JMP 68CE66B2 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!SetCursorPos 75F76FB2 5 Bytes JMP 68CE6D4E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!DialogBoxParamA 75F78152 5 Bytes JMP 68CE58AA C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!DialogBoxIndirectParamA 75F7847D 5 Bytes JMP 68CE5974 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!MessageBoxIndirectA 75F8D4D9 5 Bytes JMP 68CE5831 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!MessageBoxIndirectW 75F8D5D3 5 Bytes JMP 68CE57B8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!MessageBoxExA 75F8D639 5 Bytes JMP 68CE5754 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!MessageBoxExW 75F8D65D 5 Bytes JMP 68CE56F0 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] USER32.dll!keybd_event 75F8D972 5 Bytes JMP 68CE6C32 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] SHELL32.dll!SHRestricted + D95 760589A8 4 Bytes [37, 01, 11, 6D] {AAA ; ADD [ECX], EDX; INSD } .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] SHELL32.dll!SHRestricted + D9D 760589B0 8 Bytes [60, 61, 10, 6D, E1, F6, 10, ...] {PUSHA ; POPA ; ADC [EBP-0x1f], CH; NOT BYTE [EAX]; INSD } .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] ole32.dll!OleLoadFromStream 75E01E80 5 Bytes JMP 68CE6110 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] ole32.dll!CoCreateInstance 75E39F3E 5 Bytes JMP 68BBB6D4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3752] USER32.dll!InSendMessageEx + 4C9 75F3E7C8 7 Bytes JMP 5A08C453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3752] USER32.dll!CreateWindowExW + AA 75F413AF 7 Bytes JMP 5A08C3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3752] USER32.dll!GetWindowInfo 75F4428E 5 Bytes JMP 59E4BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3752] USER32.dll!SetMenuItemBitmaps + 71 75F514EE 7 Bytes JMP 59E4C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateFile + 6 76F2422A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateFile + B 76F2422F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateKey + 6 76F2426A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateKey + B 76F2426F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateMutant + 6 76F2429A 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateMutant + B 76F2429F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateSection + 6 76F2431A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtCreateSection + B 76F2431F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtMapViewOfSection + 6 76F2497A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtMapViewOfSection + B 76F2497F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenFile + 6 76F24A0A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenFile + B 76F24A0F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenKey + 6 76F24A3A 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenKey + B 76F24A3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenMutant + 6 76F24A5A 4 Bytes CALL 75F25060 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenMutant + B 76F24A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcess + 6 76F24A8A 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcess + 6 76F24A8A 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcess + B 76F24A8F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcessToken + 6 76F24A9A 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcessToken + 6 76F24A9A 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcessToken + B 76F24A9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcessTokenEx + 6 76F24AAA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenProcessTokenEx + B 76F24AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenSection + 6 76F24ABA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenSection + B 76F24ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThread + 6 76F24AFA 4 Bytes CALL 75F25101 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThread + B 76F24AFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThreadToken + 6 76F24B0A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThreadToken + 6 76F24B0A 4 Bytes CALL 75F25112 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThreadToken + B 76F24B0F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThreadTokenEx + 6 76F24B1A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtOpenThreadTokenEx + B 76F24B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtQueryAttributesFile + 6 76F24BAA 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtQueryAttributesFile + B 76F24BAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtQueryFullAttributesFile + 6 76F24C5A 4 Bytes CALL 75F2525F .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtQueryFullAttributesFile + B 76F24C5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtSetInformationFile + 6 76F2513A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtSetInformationFile + B 76F2513F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtSetInformationThread + 6 76F2518A 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtSetInformationThread + 6 76F2518A 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtSetInformationThread + B 76F2518F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtUnmapViewOfSection + 6 76F2542A 4 Bytes CALL 75F25A33 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ntdll.dll!NtUnmapViewOfSection + B 76F2542F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] kernel32.dll!CreateProcessW 75C21BF3 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] kernel32.dll!CreateProcessA 75C21C28 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] kernel32.dll!OpenEventW 75C3BF97 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] kernel32.dll!CreateEventW 75C6B65E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!DeleteObject 75D05A37 5 Bytes JMP 000801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetDeviceCaps 75D0617F 5 Bytes JMP 000803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SelectObject 75D062A0 5 Bytes JMP 000805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetTextColor 75D0666B 5 Bytes JMP 000809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetBkMode 75D06716 5 Bytes JMP 000808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!DeleteDC 75D068CD 5 Bytes JMP 00080170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetCurrentObject 75D06B58 5 Bytes JMP 00080370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetStretchBltMode 75D07206 5 Bytes JMP 00080670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SaveDC 75D075BA 5 Bytes JMP 00080570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!RestoreDC 75D07675 5 Bytes JMP 00080530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!StretchDIBits 75D078CF 5 Bytes JMP 00080730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!ExtSelectClipRgn 75D079F8 5 Bytes JMP 000802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SelectClipRgn 75D07AF9 5 Bytes JMP 000805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!MoveToEx 75D07C33 5 Bytes JMP 00080470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!Rectangle 75D07EA9 5 Bytes JMP 00080970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetTextAlign 75D082E0 5 Bytes JMP 00080D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetTextAlign 75D085CB 5 Bytes JMP 000809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!ExtTextOutW 75D0872B 5 Bytes JMP 00080930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetTextMetricsW 75D08A81 5 Bytes JMP 00080DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!IntersectClipRect 75D08B64 5 Bytes JMP 000803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetClipBox 75D09071 5 Bytes JMP 00080330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetICMMode 75D094E7 5 Bytes JMP 00080D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!CreateDCW 75D0A91D 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!CreateDCA 75D0AA49 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!CreateICW 75D0B2E9 5 Bytes JMP 00080130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetTextFaceW 75D0B637 5 Bytes JMP 00080CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetFontData 75D0BA6C 5 Bytes JMP 00080C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetTextExtentPoint32W 75D0C01A 5 Bytes JMP 00080630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetWorldTransform 75D0C46A 5 Bytes JMP 000806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!LineTo 75D0C65E 5 Bytes JMP 00080430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetTextMetricsA 75D0CCEB 5 Bytes JMP 00080DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!ExtTextOutA 75D100A5 5 Bytes JMP 000808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!ExtEscape 75D122A7 5 Bytes JMP 000802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!Escape 75D127F1 5 Bytes JMP 00080270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!ResetDCW 75D13132 5 Bytes JMP 00080A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!EndPage 75D1375E 5 Bytes JMP 00080230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetPolyFillMode 75D161D3 5 Bytes JMP 00080AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SetMiterLimit 75D162E2 5 Bytes JMP 00080B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetTextFaceA 75D1F4C5 5 Bytes JMP 00080CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!GetGlyphOutlineW 75D2A41F 5 Bytes JMP 00080C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!CreateScalableFontResourceW 75D2C88B 5 Bytes JMP 00080B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!AddFontResourceW 75D2CC93 5 Bytes JMP 00080BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!RemoveFontResourceW 75D2D129 5 Bytes JMP 00080BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!AbortDoc 75D32CC4 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!EndDoc 75D330D8 5 Bytes JMP 000801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!StartPage 75D331C3 5 Bytes JMP 000806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!StartDocW 75D33CA7 5 Bytes JMP 000807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!BeginPath 75D34465 5 Bytes JMP 000807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!SelectClipPath 75D344BC 5 Bytes JMP 00080AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!CloseFigure 75D34517 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!EndPath 75D3456E 5 Bytes JMP 00080A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!StrokePath 75D347A0 5 Bytes JMP 00080770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!FillPath 75D3482C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!FillPath 75D3482C 5 Bytes JMP 00080830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!PolylineTo 75D34C95 5 Bytes JMP 000804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!PolyBezierTo 75D34D25 5 Bytes JMP 000804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] GDI32.dll!PolyDraw 75D34DD6 5 Bytes JMP 00080870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!SetCursor 75F3D37D 5 Bytes JMP 00090530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!RegisterClipboardFormatW 75F3D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!RegisterClipboardFormatW 75F3D6AC 5 Bytes JMP 000902B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!ActivateKeyboardLayout 75F4478C 5 Bytes JMP 000904F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!IsWindowVisible 75F4878A 7 Bytes JMP 000906B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!MonitorFromWindow 75F488D4 7 Bytes JMP 00090630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!ScreenToClient 75F48C56 7 Bytes JMP 00090670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClientRect 75F48F0D 7 Bytes JMP 000905B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetParent 75F490AA 7 Bytes JMP 000906F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!RegisterClipboardFormatA 75F4A111 5 Bytes JMP 000902F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!PostMessageW 75F4A175 5 Bytes JMP 000905F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!MapWindowPoints 75F4A30D 5 Bytes JMP 00090570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClipboardFormatNameA 75F4A552 5 Bytes JMP 00090270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetOpenClipboardWindow 75F526A6 5 Bytes JMP 000903F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!SetClipboardViewer 75F5BA2D 5 Bytes JMP 000904B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!IsClipboardFormatAvailable 75F5C2E3 5 Bytes JMP 000900F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!CloseClipboard 75F5C2F7 5 Bytes JMP 000900B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!OpenClipboard 75F5C31D 5 Bytes JMP 00090070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetTopWindow 75F5CE0A 7 Bytes JMP 00090730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClipboardSequenceNumber 75F5D8B7 5 Bytes JMP 00090330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!ChangeClipboardChain 75F5DF83 5 Bytes JMP 00090430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!CountClipboardFormats 75F60048 5 Bytes JMP 000901F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClipboardOwner 75F626EF 5 Bytes JMP 00090370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!SetClipboardData 75F76410 5 Bytes JMP 00090170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!EnumClipboardFormats 75F76D16 5 Bytes JMP 000901B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!SetCursorPos 75F76FB2 5 Bytes JMP 00090770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClipboardData 75F7715A 5 Bytes JMP 00090030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClipboardFormatNameW 75F7A99F 5 Bytes JMP 00090230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!EmptyClipboard 75F9398B 5 Bytes JMP 00090130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetClipboardViewer 75F939ED 5 Bytes JMP 00090470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] USER32.dll!GetPriorityClipboardFormat 75F93AEF 5 Bytes JMP 000903B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ole32.dll!OleGetClipboard 75E574C9 5 Bytes JMP 000A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ole32.dll!OleSetClipboard 75E811E3 5 Bytes JMP 000A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] ole32.dll!OleIsCurrentClipboard 75E8A8F9 5 Bytes JMP 000A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!FreeContextBuffer 75422D83 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!DeleteSecurityContext 75422F18 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!FreeCredentialsHandle 75423598 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!EncryptMessage 75423745 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!DecryptMessage 75423813 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!InitializeSecurityContextA 754287DF 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!AcquireCredentialsHandleA 75428A43 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!QueryContextAttributesA 75428E77 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!ApplyControlToken 7542DE4F 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] Secur32.dll!QueryCredentialsAttributesA 7542E052 5 Bytes JMP 000C00B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[5732] ntdll.dll!LdrLoadDll 76EE93A8 5 Bytes JMP 59CCB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5732] kernel32.dll!LockResource + C 75C668EB 7 Bytes JMP 59F7B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5732] kernel32.dll!VirtualAllocEx + 54 75C6AD50 7 Bytes JMP 59F7B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5732] GDI32.dll!SetStretchBltMode + 256 75D0745C 7 Bytes JMP 59F7B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!EnableWindow 75F3CD8B 5 Bytes JMP 68B99884 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!DialogBoxParamW 75F610B0 5 Bytes JMP 68AF15BB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!DialogBoxIndirectParamW 75F62EF5 5 Bytes JMP 68CE590F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!DialogBoxParamA 75F78152 5 Bytes JMP 68CE58AA C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!DialogBoxIndirectParamA 75F7847D 5 Bytes JMP 68CE5974 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!MessageBoxIndirectA 75F8D4D9 5 Bytes JMP 68CE5831 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!MessageBoxIndirectW 75F8D5D3 5 Bytes JMP 68CE57B8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!MessageBoxExA 75F8D639 5 Bytes JMP 68CE5754 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[6024] USER32.dll!MessageBoxExW 75F8D65D 5 Bytes JMP 68CE56F0 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Users\Michal\AppData\Local\Temp\40F9.tmp[6804] kernel32.dll!FlsFree + 4F 75C641D3 5 Bytes CALL 001B15CD C:\Users\Michal\AppData\Local\Temp\MSIMG32.dll .text C:\Users\Michal\AppData\Local\Temp\40F9.tmp[6804] kernel32.dll!ExitProcess + 1 75C641D9 1 Byte [FF] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A906D2] \SystemRoot\System32\Drivers\spkl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A90040] \SystemRoot\System32\Drivers\spkl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A907FC] \SystemRoot\System32\Drivers\spkl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A900BE] \SystemRoot\System32\Drivers\spkl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A9013C] \SystemRoot\System32\Drivers\spkl.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A9FD92] \SystemRoot\System32\Drivers\spkl.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74407817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7445A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7440BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74438395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7440DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7448CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7442C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2900] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74402AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6D110206] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6D105E47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6D11BBBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6D11DFF5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6D11C77D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6D117EBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6D11F46C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6D11F8B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6D120736] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6D11FC5F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6D106CA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6D106367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6D11B4D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6D104DAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6D11AB47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6D1114BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6D110D90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6D106035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6D1071F8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6D12332D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6D111932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6D106612] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6D105E47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6D106CA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6D11BBBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6D104DAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6D106367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6D110206] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6D11C77D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6D11F8B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6D11F90C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6D120697] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6D11FC5F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6D120736] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6D110A47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6D11EF43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6D119195] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6D11E6AB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6D11EC67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6D11C61D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6D105EE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6D11F46C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6D119307] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6D106211] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6D11C77D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6D11DFF5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6D11EDD3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6D11DF29] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6D106CA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6D117B50] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6D117EBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6D10F159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6D106367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6D104DAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6D104DAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6D11E3C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6D11B4D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6D11AB47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6D11A9A3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6D11C77D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6D105E47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6D119307] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6D106367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6D11FC5F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6D120736] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6D110206] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6D105EE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6D119195] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6D10F159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6D11F90C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6D120697] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6D11F8B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6D11F229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6D110A47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6D106CA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6D11D62B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6D11D4C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6D106612] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6D122F1D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6D1231E5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6D123A97] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6D10EE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6D111932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6D106035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6D1107C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6D1238EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6D12332D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6D1114BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6D1071F8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6D110D90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6D123DF1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6D10F273] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6D123F57] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6D123C8F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6D10FC2D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6D11A4D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6D120736] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6D11E3C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6D11A80B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6D11B1B1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6D11B4D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6D11C409] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6D11F46C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6D11BBBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6D119EB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6D105E47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6D117EBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6D11DFF5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6D11FC5F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6D11F8B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6D119A5F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6D110A47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6D110206] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6D11A1B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6D11AB47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6D11EDD3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6D106211] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6D11C77D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6D119307] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6D105EE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6D11E02D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6D119BD5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6D104DAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6D106367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6D1195FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6D106CA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6D1198EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6D11CA7B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6D11D62B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6D11D08B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6D120D67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6D10F68D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6D10F77F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6D120CB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6D121E9E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6D121001] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6D10FA8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6D12123E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6D10F9E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6D1214AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6D1214FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6D121BCA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6D1210FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6D121B32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6D12195A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6D10E1CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6D121A9A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6D1212DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6D12159B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6D1211F0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6D1218B6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6D120EBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6D1226D5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6D1228A3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6D1073B0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6D1100E0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6D10FB73] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6D104904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6D121376] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6D121724] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6D121688] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6D121C18] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6D12180E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6D10F993] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6D105C88] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6D1048A7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6D120F0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6D121F94] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6D122ACE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6D12203F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6D1220F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6D11008B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6D121EEF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6D118B86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6D11F8B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6D11FC5F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6D105E47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6D110206] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6D117EBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6D11C77D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6D119BD5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6D1195FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6D106367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6D104DAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6D105EE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6D106CA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6D10F639] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6D121E9E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6D121F94] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6D122A71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6D122ACE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6D1100E0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [6D106445] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6D104C2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6D1048A7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6D104904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6D1064A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3256] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6D104743] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 000907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 000907D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00090790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[5300] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000907D0 ---- Devices - GMER 1.0.15 ---- Device 854251F8 Device Ntfs.sys (Sterownik systemu plików NT/Microsoft Corporation) Device AAADC500 Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) Device \Driver\netbt \Device\NetBT_Tcpip_{1CA8ABD6-A321-41E6-9EA8-5FB5B2811226} 883F6500 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs B5AC9430 ---- Processes - GMER 1.0.15 ---- Library C:\Windows\system32\services.exe (*** hidden *** ) @ C:\Windows\system32\services.exe [736] 0x00B70000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@00188d6ae5dd 0xB5 0x2B 0x29 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0018c5240cb3 0xCA 0x89 0xF6 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0017e5d3b78c 0xBE 0xC7 0x4E 0x1A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0017e4b34626 0x2C 0x8D 0xA3 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0012d18bad84 0xE2 0x9A 0x7B 0x8C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@002108da4f53 0xB3 0x87 0x75 0xD6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@002403c27361 0x5B 0x33 0xB8 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@00247c35d67a 0x0B 0x3F 0x13 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0019b750fc23 0xAF 0xC6 0x01 0x74 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0026698b6ab4 0xCB 0x27 0x8A 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x70 0x60 0xA7 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@00188d6ae5dd 0xB5 0x2B 0x29 0xCB ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0018c5240cb3 0xCA 0x89 0xF6 0x54 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0017e5d3b78c 0xBE 0xC7 0x4E 0x1A ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0017e4b34626 0x2C 0x8D 0xA3 0x04 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0012d18bad84 0xE2 0x9A 0x7B 0x8C ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@002108da4f53 0xB3 0x87 0x75 0xD6 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@002403c27361 0x5B 0x33 0xB8 0x0E ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@00247c35d67a 0x0B 0x3F 0x13 0xC0 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0019b750fc23 0xAF 0xC6 0x01 0x74 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce0e93b@0026698b6ab4 0xCB 0x27 0x8A 0x8B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA6 0x70 0x60 0xA7 ... ---- Files - GMER 1.0.15 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid 65536 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir 4096 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid 65536 bytes ---- EOF - GMER 1.0.15 ----