GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-02-23 15:49:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: jhnmqgsg.exe; Driver: C:\Users\Dom\AppData\Local\Temp\uwtiqpob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88006544d8c 12 bytes {MOV RAX, 0xfffffa8006a812a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076441401 2 bytes JMP 7619b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076441419 2 bytes JMP 7619b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076441431 2 bytes JMP 76219011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007644144a 2 bytes CALL 761748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764414dd 2 bytes JMP 7621890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764414f5 2 bytes JMP 76218ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007644150d 2 bytes JMP 76218800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076441525 2 bytes JMP 76218bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007644153d 2 bytes JMP 7618fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076441555 2 bytes JMP 76196907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007644156d 2 bytes JMP 762190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076441585 2 bytes JMP 76218c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007644159d 2 bytes JMP 762187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764415b5 2 bytes JMP 7618fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764415cd 2 bytes JMP 7619b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764416b2 2 bytes JMP 76218f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764416bd 2 bytes JMP 76218759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076441401 2 bytes JMP 7619b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076441419 2 bytes JMP 7619b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076441431 2 bytes JMP 76219011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007644144a 2 bytes CALL 761748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764414dd 2 bytes JMP 7621890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764414f5 2 bytes JMP 76218ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007644150d 2 bytes JMP 76218800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076441525 2 bytes JMP 76218bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007644153d 2 bytes JMP 7618fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076441555 2 bytes JMP 76196907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007644156d 2 bytes JMP 762190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076441585 2 bytes JMP 76218c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007644159d 2 bytes JMP 762187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764415b5 2 bytes JMP 7618fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764415cd 2 bytes JMP 7619b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764416b2 2 bytes JMP 76218f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764416bd 2 bytes JMP 76218759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076441401 2 bytes JMP 7619b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076441419 2 bytes JMP 7619b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076441431 2 bytes JMP 76219011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007644144a 2 bytes CALL 761748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764414dd 2 bytes JMP 7621890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764414f5 2 bytes JMP 76218ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007644150d 2 bytes JMP 76218800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076441525 2 bytes JMP 76218bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007644153d 2 bytes JMP 7618fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076441555 2 bytes JMP 76196907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007644156d 2 bytes JMP 762190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076441585 2 bytes JMP 76218c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007644159d 2 bytes JMP 762187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764415b5 2 bytes JMP 7618fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764415cd 2 bytes JMP 7619b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764416b2 2 bytes JMP 76218f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764416bd 2 bytes JMP 76218759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076441401 2 bytes JMP 7619b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076441419 2 bytes JMP 7619b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076441431 2 bytes JMP 76219011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007644144a 2 bytes CALL 761748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764414dd 2 bytes JMP 7621890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764414f5 2 bytes JMP 76218ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007644150d 2 bytes JMP 76218800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076441525 2 bytes JMP 76218bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007644153d 2 bytes JMP 7618fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076441555 2 bytes JMP 76196907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007644156d 2 bytes JMP 762190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076441585 2 bytes JMP 76218c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007644159d 2 bytes JMP 762187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764415b5 2 bytes JMP 7618fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764415cd 2 bytes JMP 7619b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764416b2 2 bytes JMP 76218f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764416bd 2 bytes JMP 76218759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076441401 2 bytes JMP 7619b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076441419 2 bytes JMP 7619b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076441431 2 bytes JMP 76219011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007644144a 2 bytes CALL 761748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764414dd 2 bytes JMP 7621890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764414f5 2 bytes JMP 76218ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007644150d 2 bytes JMP 76218800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076441525 2 bytes JMP 76218bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007644153d 2 bytes JMP 7618fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076441555 2 bytes JMP 76196907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007644156d 2 bytes JMP 762190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076441585 2 bytes JMP 76218c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007644159d 2 bytes JMP 762187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764415b5 2 bytes JMP 7618fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764415cd 2 bytes JMP 7619b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764416b2 2 bytes JMP 76218f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764416bd 2 bytes JMP 76218759 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076441401 2 bytes JMP 7619b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076441419 2 bytes JMP 7619b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076441431 2 bytes JMP 76219011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007644144a 2 bytes CALL 761748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764414dd 2 bytes JMP 7621890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764414f5 2 bytes JMP 76218ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007644150d 2 bytes JMP 76218800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076441525 2 bytes JMP 76218bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007644153d 2 bytes JMP 7618fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076441555 2 bytes JMP 76196907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007644156d 2 bytes JMP 762190c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076441585 2 bytes JMP 76218c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007644159d 2 bytes JMP 762187c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764415b5 2 bytes JMP 7618fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764415cd 2 bytes JMP 7619b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764416b2 2 bytes JMP 76218f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4628] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764416bd 2 bytes JMP 76218759 C:\Windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010640c0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001063e4c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001064838] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001063600] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001064a8c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2000] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fe71c00] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002370] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [100034e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[1060] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef7ea0750] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef7ec61b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef7ea0750] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef7ec60d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef7ec60d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fef7ec6f30] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WINSPOOL.DRV[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WINSPOOL.DRV[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WINSPOOL.DRV[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\mshtml.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\mshtml.dll[USER32.dll!MessageBoxW] [7fef7ec6840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\mshtml.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\mshtml.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\WTSAPI32.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ 
C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fef7ec62b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fef7e8ef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[4760] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fef7e81c40] C:\Program Files\Internet Explorer\IEShims.dll

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs fffffa8003fb52c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8006a842c0
Device \Driver\cdrom \Device\CdRom0 fffffa800674b2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8006a842c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8006a842c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80067b32c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6B85A597-B4B8-4C0B-A820-7058B0EA9F92} fffffa80067b32c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8006a842c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E} fffffa80067b32c0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x98 0x46 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x41 0x98 0x46 0xAB ...

---- EOF - GMER 2.1 ----