GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-12 23:54:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4 INTEL_SSDSC2CW120A3 rev.400i 111,79GB Running: wo7xlwhd.exe; Driver: D:\TEMP\kwriypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075529d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075529d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ed3451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ed34b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ed34bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ed34f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ed34f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ed39054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ed3adf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ed552e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ed5535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ed559cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ed55a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ed55ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ed55b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ed55bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ed55bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ed55c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ed55c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006be17e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006be4de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006be5d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006be5d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[1944] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006be5d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef90d36ac 5 bytes JMP 000007fefd9601f0 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef90d3770 5 bytes JMP 000007fefd960298 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef90d38d0 5 bytes JMP 000007fefd9601b8 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef90d3ca4 5 bytes JMP 000007fefd960260 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef90d3d40 5 bytes JMP 000007fefd960228 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef90d7fe0 7 bytes JMP 000007fefd960378 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef90da38c 5 bytes JMP 000007fefd9602d0 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef90f49f0 5 bytes JMP 000007fefd960308 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef90f4ab0 5 bytes JMP 000007fefd960340 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInClose 000007fef90f52e0 5 bytes JMP 000007fefd9603b0 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef90f53c0 5 bytes JMP 000007fefd960490 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef90f5454 5 bytes JMP 000007fefd9604c8 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef90f5514 5 bytes JMP 000007fefd960500 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInStart 000007fef90f55a4 6 bytes JMP 000007fefd9603e8 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInStop 000007fef90f55e4 6 bytes JMP 000007fefd960420 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInReset 000007fef90f5624 5 bytes JMP 000007fefd960458 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef90f567c 5 bytes JMP 000007fefd960538 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007feecc36944 7 bytes JMP 000007fefd960180 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007feecc55a84 7 bytes JMP 000007fefd960148 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007feecc55b90 7 bytes JMP 000007fefd960570 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007feecc55c94 7 bytes JMP 000007fefd9605a8 .text C:\Windows\system\HsMgr64.exe[1184] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007feecc55da8 5 bytes JMP 000007fefd9605e0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075529d0b 5 bytes JMP 000000010326a4d0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075529d4e 5 bytes JMP 000000010326a630 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ed3451e 5 bytes JMP 000000010326ab40 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ed34b6d 5 bytes JMP 000000010326abb0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ed34bf2 5 bytes JMP 000000010326ac90 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ed34f0f 5 bytes JMP 000000010326ac50 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ed34f7b 5 bytes JMP 000000010326ac10 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ed39054 5 bytes JMP 000000010326ad10 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ed3adf9 5 bytes JMP 000000010326abe0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ed552e8 5 bytes JMP 000000010326acd0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ed5535f 5 bytes JMP 000000010326acf0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ed559cc 5 bytes JMP 000000010326ae40 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ed55a6a 5 bytes JMP 000000010326aec0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ed55ad7 5 bytes JMP 000000010326af00 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ed55b5b 5 bytes JMP 000000010326af40 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ed55bba 5 bytes JMP 000000010326af80 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ed55bee 5 bytes JMP 000000010326b000 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ed55c22 5 bytes JMP 000000010326b060 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ed55c67 5 bytes JMP 000000010326b0d0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006be17e3d 5 bytes JMP 000000010326a690 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006be4de69 5 bytes JMP 000000010326a770 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006be5d2c5 5 bytes JMP 000000010326a8a0 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006be5d371 5 bytes JMP 000000010326a990 .text C:\Program Files (x86)\Drakonia Configurator\hid.exe[2176] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006be5d429 5 bytes JMP 000000010326aa80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ed3451e 5 bytes JMP 000000010069ab40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ed34b6d 5 bytes JMP 000000010069abb0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ed34bf2 5 bytes JMP 000000010069ac90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ed34f0f 5 bytes JMP 000000010069ac50 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ed34f7b 5 bytes JMP 000000010069ac10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ed39054 5 bytes JMP 000000010069ad10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ed3adf9 5 bytes JMP 000000010069abe0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ed552e8 5 bytes JMP 000000010069acd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ed5535f 5 bytes JMP 000000010069acf0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ed559cc 5 bytes JMP 000000010069ae40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ed55a6a 5 bytes JMP 000000010069aec0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ed55ad7 5 bytes JMP 000000010069af00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ed55b5b 5 bytes JMP 000000010069af40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ed55bba 5 bytes JMP 000000010069af80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ed55bee 5 bytes JMP 000000010069b000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ed55c22 5 bytes JMP 000000010069b060 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ed55c67 5 bytes JMP 000000010069b0d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006be17e3d 5 bytes JMP 000000010069a690 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006be4de69 5 bytes JMP 000000010069a770 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006be5d2c5 5 bytes JMP 000000010069a8a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006be5d371 5 bytes JMP 000000010069a990 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006be5d429 5 bytes JMP 000000010069aa80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes JMP 7540b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes JMP 7540b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes JMP 75488f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes CALL 753e489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes JMP 75488822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes JMP 754889f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes JMP 75488718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes JMP 75488ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes JMP 753ffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes JMP 754068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes JMP 75488fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes JMP 75488b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes JMP 754886dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes JMP 753ffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes JMP 7540b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes JMP 75488ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2492] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes JMP 75488671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ed3451e 5 bytes JMP 0000000102ffab40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ed34b6d 5 bytes JMP 0000000102ffabb0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ed34bf2 5 bytes JMP 0000000102ffac90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ed34f0f 5 bytes JMP 0000000102ffac50 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ed34f7b 5 bytes JMP 0000000102ffac10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ed39054 5 bytes JMP 0000000102ffad10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ed3adf9 5 bytes JMP 0000000102ffabe0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ed552e8 5 bytes JMP 0000000102ffacd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ed5535f 5 bytes JMP 0000000102ffacf0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ed559cc 5 bytes JMP 0000000102ffae40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ed55a6a 5 bytes JMP 0000000102ffaec0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ed55ad7 5 bytes JMP 0000000102ffaf00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ed55b5b 5 bytes JMP 0000000102ffaf40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ed55bba 5 bytes JMP 0000000102ffaf80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ed55bee 5 bytes JMP 0000000102ffb000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ed55c22 5 bytes JMP 0000000102ffb060 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ed55c67 5 bytes JMP 0000000102ffb0d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006be17e3d 5 bytes JMP 0000000102ffa690 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006be4de69 5 bytes JMP 0000000102ffa770 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006be5d2c5 5 bytes JMP 0000000102ffa8a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006be5d371 5 bytes JMP 0000000102ffa990 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006be5d429 5 bytes JMP 0000000102ffaa80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes JMP 7540b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes JMP 7540b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes JMP 75488f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes CALL 753e489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes JMP 75488822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes JMP 754889f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes JMP 75488718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes JMP 75488ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes JMP 753ffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes JMP 754068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes JMP 75488fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes JMP 75488b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes JMP 754886dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes JMP 753ffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes JMP 7540b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes JMP 75488ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[1532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes JMP 75488671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ed3451e 5 bytes JMP 00000001029eab40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ed34b6d 5 bytes JMP 00000001029eabb0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ed34bf2 5 bytes JMP 00000001029eac90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ed34f0f 5 bytes JMP 00000001029eac50 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ed34f7b 5 bytes JMP 00000001029eac10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ed39054 5 bytes JMP 00000001029ead10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ed3adf9 5 bytes JMP 00000001029eabe0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ed552e8 5 bytes JMP 00000001029eacd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ed5535f 5 bytes JMP 00000001029eacf0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ed559cc 5 bytes JMP 00000001029eae40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ed55a6a 5 bytes JMP 00000001029eaec0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ed55ad7 5 bytes JMP 00000001029eaf00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ed55b5b 5 bytes JMP 00000001029eaf40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ed55bba 5 bytes JMP 00000001029eaf80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ed55bee 5 bytes JMP 00000001029eb000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ed55c22 5 bytes JMP 00000001029eb060 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ed55c67 5 bytes JMP 00000001029eb0d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006be17e3d 5 bytes JMP 00000001029ea690 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006be4de69 5 bytes JMP 00000001029ea770 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006be5d2c5 5 bytes JMP 00000001029ea8a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006be5d371 5 bytes JMP 00000001029ea990 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006be5d429 5 bytes JMP 00000001029eaa80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753c1401 2 bytes JMP 7540b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753c1419 2 bytes JMP 7540b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753c1431 2 bytes JMP 75488f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753c144a 2 bytes CALL 753e489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753c14dd 2 bytes JMP 75488822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753c14f5 2 bytes JMP 754889f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753c150d 2 bytes JMP 75488718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753c1525 2 bytes JMP 75488ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753c153d 2 bytes JMP 753ffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753c1555 2 bytes JMP 754068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753c156d 2 bytes JMP 75488fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753c1585 2 bytes JMP 75488b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753c159d 2 bytes JMP 754886dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753c15b5 2 bytes JMP 753ffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753c15cd 2 bytes JMP 7540b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753c16b2 2 bytes JMP 75488ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[3308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753c16bd 2 bytes JMP 75488671 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fee4690740] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fee46b6140] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fee4690740] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee46b6060] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee46b6060] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fee46b6ec0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\mshtml.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\mshtml.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\mshtml.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\mshtml.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\mfc110u.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\mfc110u.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\mfc110u.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\MSVCR110.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee46b6060] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\cscui.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\cscui.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\cscui.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\CSCDLL.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\windowscodecsext.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SearchFolder.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHDOCVW.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHDOCVW.dll[USER32.dll!EnableWindow] [7fee467eee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\SHDOCVW.dll[USER32.dll!DialogBoxParamW] [7fee46b6240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\NetworkExplorer.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\WINMM.dll[USER32.dll!MessageBoxW] [7fee46b67d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\PortableDeviceApi.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2708] @ C:\Windows\System32\NLSData0000.dll[KERNEL32.dll!GetProcAddress] [7fee4671c40] C:\Program Files\Internet Explorer\IEShims.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4528:4644] 000007fee0cf9688 ---- EOF - GMER 2.1 ----