GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-18 18:09:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AR1 698,64GB Running: onp770mq.exe; Driver: C:\Users\mis\AppData\Local\Temp\uxrirpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe[4016] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe[3472] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4220] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076808781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4760] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4932] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[2732] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000774d3250 6 bytes {NOP ; JMP 0xffffffff88e3d50c} .text C:\Program Files\Internet Explorer\iexplore.exe[2732] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000774d6dc0 6 bytes {NOP ; JMP 0xffffffff88e395e4} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000776cf33b 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000776d3b8c 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7682b21b C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7682b346 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 768a8fd1 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 7680489d C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 768a88c4 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 768a8aa0 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 768a87ba C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 768a8b8a C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7681fca8 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 768268ef C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 768a9089 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 768a8bea C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 768a877e C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7681fd41 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7682b2dc C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 768a8f4c C:\windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4484] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 768a8713 C:\windows\syswow64\KERNEL32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fefa8ce450] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fefa8f63b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fefa8ce450] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fefa8f62d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fefa8f62d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fefa8f7130] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Program Files\Internet Explorer\sqmapi.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\POWRPROF.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MSHTML.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MSHTML.dll[USER32.dll!MessageBoxW] [7fefa8f6a40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MSHTML.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MSHTML.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\shdocvw.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\shdocvw.dll[USER32.dll!EnableWindow] [7fefa8bef70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\System32\shdocvw.dll[USER32.dll!DialogBoxParamW] [7fefa8f64b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[2732] @ C:\windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefa8b1c40] C:\Program Files\Internet Explorer\IEShims.dll ---- Threads - GMER 2.1 ---- Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3952:4036] 0000000075077587 Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3952:4052] 000000006eb18aa6 Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3952:4084] 00000000776cc557 Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3952:3776] 00000000776e27c1 Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3952:3856] 00000000776e27c1 Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3952:5296] 00000000776e27c1 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971076042 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9710777da Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9713ea45d Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 7024 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971076042 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9710777da (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9713ea45d (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----