GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-07 20:13:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0002SDM1 298,09GB Running: jhnmqgsg.exe; Driver: C:\Users\Emil\AppData\Local\Temp\kgldipod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800035f4000 64 bytes [00, 00, 0C, 02, 46, 4D, 73, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 513 fffff800035f4041 80 bytes {SHL DWORD [RSI+0x5], 0x1; CMP DL, 0xff; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076501401 2 bytes JMP 7698b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076501419 2 bytes JMP 7698b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076501431 2 bytes JMP 76a08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007650144a 2 bytes CALL 769648ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000765014dd 2 bytes JMP 76a087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000765014f5 2 bytes JMP 76a08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007650150d 2 bytes JMP 76a08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076501525 2 bytes JMP 76a08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007650153d 2 bytes JMP 7697fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076501555 2 bytes JMP 769868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007650156d 2 bytes JMP 76a08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076501585 2 bytes JMP 76a08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007650159d 2 bytes JMP 76a0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000765015b5 2 bytes JMP 7697fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] 
C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000765015cd 2 bytes JMP 7698b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000765016b2 2 bytes JMP 76a08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1760] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000765016bd 2 bytes JMP 76a085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076501401 2 bytes JMP 7698b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076501419 2 bytes JMP 7698b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076501431 2 bytes JMP 76a08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007650144a 2 bytes CALL 769648ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765014dd 2 bytes JMP 76a087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765014f5 2 bytes JMP 76a08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007650150d 2 bytes JMP 76a08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076501525 2 bytes JMP 76a08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007650153d 2 bytes JMP 7697fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076501555 2 bytes JMP 769868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007650156d 2 bytes JMP 76a08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076501585 2 bytes JMP 76a08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007650159d 2 bytes JMP 76a0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol 
Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765015b5 2 bytes JMP 7697fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765015cd 2 bytes JMP 7698b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765016b2 2 bytes JMP 76a08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765016bd 2 bytes JMP 76a085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000076963488 5 bytes JMP 0000000105153370 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000769648f3 5 bytes JMP 0000000105151360 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000076965939 5 bytes JMP 0000000105152368 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\advapi32.DLL!RegSetValueExW 0000000074f61456 5 bytes JMP 0000000105154378 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\user32.DLL!DestroyWindow 0000000076189a55 5 bytes JMP 0000000105156388 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\shlwapi.DLL!SHRegWriteUSValueW 0000000074f2d3c2 5 bytes JMP 0000000105155380 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076501401 2 bytes JMP 7698b21b C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076501419 2 bytes JMP 7698b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076501431 2 bytes JMP 76a08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007650144a 2 bytes CALL 769648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765014dd 2 bytes JMP 76a087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765014f5 2 bytes JMP 76a08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007650150d 2 bytes JMP 76a08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076501525 2 bytes JMP 76a08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007650153d 2 bytes JMP 7697fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076501555 2 bytes JMP 769868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007650156d 2 bytes JMP 76a08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076501585 2 bytes JMP 76a08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007650159d 2 bytes JMP 76a0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765015b5 2 bytes JMP 7697fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765015cd 2 bytes JMP 7698b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765016b2 2 bytes JMP 76a08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765016bd 2 bytes JMP 76a085f1 C:\Windows\syswow64\kernel32.dll ? 
C:\Windows\system32\mssprxy.dll [3680] entry point in ".rdata" section 000000006d4271e6 .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076501401 2 bytes JMP 7698b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076501419 2 bytes JMP 7698b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076501431 2 bytes JMP 76a08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007650144a 2 bytes CALL 769648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765014dd 2 bytes JMP 76a087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765014f5 2 bytes JMP 76a08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007650150d 2 bytes JMP 76a08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076501525 2 bytes JMP 76a08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007650153d 2 bytes JMP 7697fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common 
Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076501555 2 bytes JMP 769868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007650156d 2 bytes JMP 76a08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076501585 2 bytes JMP 76a08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007650159d 2 bytes JMP 76a0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765015b5 2 bytes JMP 7697fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765015cd 2 bytes JMP 7698b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765016b2 2 bytes JMP 76a08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\SpeedBit\SBUpdate\SBUpdate.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765016bd 2 bytes JMP 76a085f1 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000e53e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000e53c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT 
C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000e54614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88000e54a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000e5486c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef692d8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ 
C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef69563e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ 
C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef692d8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef6956300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program 
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef6956300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fef6957160] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program 
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] 
[7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ 
C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ 
C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\shdocvw.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\shdocvw.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\shdocvw.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MSVCR110.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WTSAPI32.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MSRATING.DLL[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MSRATING.DLL[USER32.dll!EnableWindow] [7fef6912090] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MSRATING.DLL[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\MSRATING.DLL[USER32.dll!DialogBoxParamW] [7fef69564e0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\rasman.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\rtutils.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ c:\Program Files\Microsoft Security Client\MpOAv.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ c:\Program Files\Microsoft Security Client\mpclient.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\System32\NLSData0000.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WINMM.dll[USER32.dll!MessageBoxW] [7fef6956a70] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [7fef6911800] C:\Program Files\Internet Explorer\IEShims.dll

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8002add2c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa8002add2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa8002add2c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa8002add2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa8002add2c0
Device \Driver\a4f8gdaw \Device\Scsi\a4f8gdaw1Port3Path0Target0Lun0 fffffa80038492c0
Device \Driver\a4f8gdaw \Device\Scsi\a4f8gdaw1 fffffa80038492c0
Device \FileSystem\Ntfs \Ntfs fffffa8002ae32c0
Device \Driver\dtsoftbus01 \Device\00000068 fffffa80034c32c0
Device \Driver\usbehci \Device\USBPDO-5 fffffa80037b52c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa80037b52c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80037b52c0
Device \Driver\cdrom \Device\CdRom0 fffffa80034f92c0
Device \Driver\cdrom \Device\CdRom1 fffffa80034f92c0
Device \Driver\cdrom \Device\CdRom2 fffffa80034f92c0
Device \Driver\usbohci \Device\USBFDO-4 fffffa80037542c0
Device \Driver\usbohci \Device\USBFDO-0 fffffa80037542c0
Device \Driver\usbohci \Device\USBPDO-2 fffffa80037542c0
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80034c32c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BF69D52C-8CAA-4903-82C3-6FD2054F8C77} fffffa800369d2c0
Device \Driver\usbehci \Device\USBFDO-5 fffffa80037b52c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa80037b52c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80037b52c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800369d2c0
Device \Driver\usbohci \Device\USBPDO-4 fffffa80037542c0
Device \Driver\atapi \Device\ScsiPort0 fffffa8002add2c0
Device \Driver\usbohci \Device\USBFDO-2 fffffa80037542c0
Device \Driver\usbohci \Device\USBPDO-0 fffffa80037542c0
Device \Driver\atapi \Device\ScsiPort1 fffffa8002add2c0
Device \Driver\atapi \Device\ScsiPort2 fffffa8002add2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7F5ACEC8-ECA3-4A30-8AE6-F035EE02DB17} fffffa800369d2c0
Device \Driver\a4f8gdaw \Device\ScsiPort3 fffffa80038492c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E98B556F-430C-49C5-A84B-0974EA38F52F} fffffa800369d2c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8002add2c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa8002add2c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800312d6b0] fffffa800312d6b0
Trace 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030bb060] fffffa80030bb060
Trace \Driver\atapi[0xfffffa8002ba9ac0] -> IRP_MJ_CREATE -> 0xfffffa8002add2c0 fffffa8002add2c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\a4f8gdaw.SYS fffff88006f99000-fffff88006fe4000 (307200 bytes)

---- Processes - GMER 2.1 ----

Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8118BAE-D46D-486B-859C-36C6F9E6EE7F}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [856](2015-02-07 18:24:18) 000007fef5b40000
Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2192](2015-01-29 15:53:19) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2192](2015-01-29 15:53:19) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2192](2015-01-29 15:53:19) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2192](2015-01-29 15:53:19) 000000006ff00000

---- Files - GMER 2.1 ----

File C:\Users\Emil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ72ZM5O\checkLoggedIn[1].js 342 bytes

---- EOF - GMER 2.1 ----