Solved Laptop running very slow

Discussion in 'Malware and Virus Removal Archive' started by PAUL SHILLAM, 2012/09/27.

  1. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    [Resolved] Laptop running very slow

    My wife's laptop has been running very slow for a few weeks now. It also hangs for a few minutes when first switched on. It is running Windows Vista and has 2 gig of memory.
    I have done a full scan with McAfee which did not find anything.
    I have just done a scan with Malwarebytes which also found nothing. I'll copy the log here.
    Regards Paul

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.27.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    shillam :: SUES-LAPTOP [administrator]

    27/09/2012 09:22:06
    mbam-log-2012-09-27 (09-22-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232909
    Time elapsed: 24 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    I have run GMER; it took 2 hours five minutes and gave no indication that it had finished apart from no activity. I saved it to my desktop as gmer.log and copied it. But when I try to paste it to the reply thread it says it is too long: 390671 characters. So I tried to open the log to split it up into many portions but I can't find the log.
     

  4. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Just found the log; here is the first part.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-27 12:18:03
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10
    Running: hpsc3r7k.exe; Driver: C:\Users\shillam\AppData\Local\Temp\pwliypoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys ZwCreateThreadEx [0x92B19640]

    INT 0x81 ? 926EEA50
    INT 0x91 ? 926EECD0
    INT 0xB2 ? 926EE7D0

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8D4435A8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8D4435D2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8D4435BE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8D443594]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 87664992 5 Bytes JMP 8D443598 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!KeSetEvent + 6E1 876E5DA4 4 Bytes [40, 96, B1, 92] {INC EAX; XCHG ESI, EAX; MOV CL, 0x92}
    PAGE ntkrnlpa.exe!ZwTerminateProcess 8782A143 5 Bytes JMP 8D4435D6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8784989A 7 Bytes JMP 8D4435AC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 87849B5D 5 Bytes JMP 8D4435C2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
     
  5. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 0055004A
    .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00550FD4
    .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 0055000A
    .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00550025
    .text C:\Windows\System32\svchost.exe[1068] WS2_32.dll!socket 76C536D1 5 Bytes JMP 00420FEF
    .text C:\Windows\System32\svchost.exe[1068] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 00410FEF
    .text C:\Windows\System32\svchost.exe[1068] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 00410FC3
    .text C:\Windows\System32\svchost.exe[1068] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 00410FD4
    .text C:\Windows\System32\svchost.exe[1068] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 00410FA8
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1148] ntdll.dll!KiUserApcDispatcher 77305B78 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1148] kernel32.dll!LoadLibraryExW + 173 76D393EF 4 Bytes JMP 71AB000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1148] WS2_32.dll!getaddrinfo 76C5418A 5 Bytes JMP 71A50022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1148] WS2_32.dll!gethostbyname 76C662D4 5 Bytes JMP 71AE0022
    .text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 002E0000
    .text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 002E0FDB
    .text C:\Windows\System32\svchost.exe[1284] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 002E001B
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 008F0F3A
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 008F0076
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 008F00A5
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 008F0F18
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 008F0F8B
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 008F0FCD
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 008F0014
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 008F0F55
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 008F0FA8
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 008F004A
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 008F0065
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 008F0025
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 008F0F66
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 008F0EF3
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 008F0FDE
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 008F0FEF
    .text C:\Windows\System32\svchost.exe[1284] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 008F0F29
    .text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00DE004E
    .text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!system 771A805B 5 Bytes JMP 00DE003D
    .text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00DE001B
    .text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_open 771AD116 5 Bytes JMP 00DE0FEF
    .text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00DE002C
    .text C:\Windows\System32\svchost.exe[1284] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 00DE0000
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00DD0FA2
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00DD0FC7
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00DD0000
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00DD004E
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00DD0F91
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00DD0022
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00DD0011
    .text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00DD0033
    .text C:\Windows\System32\svchost.exe[1284] WS2_32.dll!socket 76C536D1 5 Bytes JMP 002C0FEF
    .text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00A50000
    .text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 00A50FDB
    .text C:\Windows\System32\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00A50011
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00A70F15
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00A70F30
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 00A70EFA
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00A70091
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00A70F66
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00A70000
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00A70FB9
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00A70F55
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 00A70040
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00A7002F
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 00A70F83
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00A70F9E
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00A70065
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00A700AC
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00A70FCA
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00A70FEF
    .text C:\Windows\System32\svchost.exe[1308] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00A70080
    .text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00EA0FB4
    .text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!system 771A805B 5 Bytes JMP 00EA003F
    .text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00EA002E
    .text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_open 771AD116 5 Bytes JMP 00EA000C
    .text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00EA0FD9
    .text C:\Windows\System32\svchost.exe[1308] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 00EA001D
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00E50051
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00E50FAF
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00E50FEF
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00E50036
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00E5006C
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00E50FCA
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00E50000
    .text C:\Windows\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00E5001B
    .text C:\Windows\System32\svchost.exe[1308] WS2_32.dll!socket 76C536D1 5 Bytes JMP 00A60000
    .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00DF0000
    .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 00DF0FCA
    .text C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00DF0FDB
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 010D0F63
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 010D00A9
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 010D0F41
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 010D0F52
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 010D008E
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 010D0FDB
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 010D002C
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 010D0F7E
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 010D0FB6
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 010D0058
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 010D0073
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 010D0047
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 010D0F99
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 010D00F3
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 010D0011
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 010D0000
    .text C:\Windows\system32\svchost.exe[1320] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 010D00C4
    .text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 012B0042
    .text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!system 771A805B 5 Bytes JMP 012B0FC1
    .text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 012B001D
    .text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_open 771AD116 5 Bytes JMP 012B0FEF
    .text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 012B0FD2
    .text C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 012B0000
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 012A0084
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 012A0058
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 012A0000
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 012A0069
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 012A0FBD
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 012A002C
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 012A001B
    .text C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 012A0047
    .text C:\Windows\system32\svchost.exe[1320] WS2_32.dll!socket 76C536D1 5 Bytes JMP 01000000
    .text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 01250FEF
    .text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlA 7699E1C6 3 Bytes JMP 01250025
    .text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlA + 4 7699E1CA 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 0125000A
    .text C:\Windows\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 01250036
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 001B0000
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 001B0022
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 001B0011
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 001D0082
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 001D0F3C
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 001D00BF
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 001D00AE
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 001D0067
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 001D0FB9
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 001D000A
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 001D0F57
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 001D0F8D
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 001D0025
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 001D004A
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 001D0F9E
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 001D0F72
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 001D00D0
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 001D0FD4
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 001D0FE5
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 001D009D
    .text C:\Windows\system32\svchost.exe[1428] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 0020003F
    .text C:\Windows\system32\svchost.exe[1428] msvcrt.dll!system 771A805B 5 Bytes JMP 00200FBE
    .text C:\Windows\system32\svchost.exe[1428] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00200FE3
    .text C:\Windows\system32\svchost.exe[1428] msvcrt.dll!_open 771AD116 5 Bytes JMP 00200000
    .text C:\Windows\system32\svchost.exe[1428] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 0020002E
    .text C:\Windows\system32\svchost.exe[1428] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 00200011
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 001F0F8D
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 001F0FAF
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 001F0000
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 001F0F9E
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 001F0F7C
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 001F0011
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 001F0FE5
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 001F0FC0
    .text C:\Windows\system32\svchost.exe[1428] WS2_32.dll!socket 76C536D1 5 Bytes JMP 001C0FEF
    .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00240000
    .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 0024001B
    .text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00240FE5
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00D000AE
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00D0009D
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 00D000DA
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00D00F43
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00D00071
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00D00FCD
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00D0001E
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00D00F7C
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 00D00F97
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00D0004A
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 00D00FA8
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00D00039
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00D0008C
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00D000FF
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00D00FDE
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00D00FEF
    .text C:\Windows\system32\svchost.exe[1484] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00D000C9
    .text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00D60051
    .text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!system 771A805B 5 Bytes JMP 00D60FC6
    .text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00D60011
    .text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_open 771AD116 5 Bytes JMP 00D60000
    .text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00D60036
    .text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 00D60FD7
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00D50F79
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00D50025
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00D50FEF
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00D50F94
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00D50F5E
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00D50000
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00D50FCA
    .text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00D50FAF
    .text C:\Windows\system32\svchost.exe[1484] WS2_32.dll!socket 76C536D1 5 Bytes JMP 00CF000A
    .text C:\Windows\system32\svchost.exe[1484] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 00CA0FEF
    .text C:\Windows\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 00CA001B
    .text C:\Windows\system32\svchost.exe[1484] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 00CA000A
    .text C:\Windows\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlW ext bit
     
  6. 2012/09/27
    PAUL SHILLAM Well-Known Member Thread Starter
    .text C:\Windows\system32\svchost.exe[1692] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 008B0FEF
    .text C:\Windows\system32\svchost.exe[1692] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 008B0014
    .text C:\Windows\system32\svchost.exe[1692] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 008B0FDE
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00C60F3E
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00C60F4F
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 00C600B0
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00C60F0F
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00C60058
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00C60FD4
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00C6001B
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00C6007A
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 00C6003D
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00C60F8A
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 00C6002C
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00C60FAF
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00C60069
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00C600CB
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateFileW 76D5B0EB 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00C60FEF
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00C60000
    .text C:\Windows\system32\svchost.exe[1692] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00C60095
    .text C:\Windows\system32\svchost.exe[1692] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00C80FD2
    .text C:\Windows\system32\svchost.exe[1692] msvcrt.dll!system 771A805B 5 Bytes JMP 00C80053
    .text C:\Windows\system32\svchost.exe[1692] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00C8002E
    .text C:\Windows\system32\svchost.exe[1692] msvcrt.dll!_open 771AD116 5 Bytes JMP 00C8000C
    .text C:\Windows\system32\svchost.exe[1692] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00C80FE3
    .text C:\Windows\system32\svchost.exe[1692] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 00C8001D
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00C70F6F
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00C70011
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00C70FEF
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00C70F8A
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00C7002C
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00C70FB9
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00C70FCA
    .text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00C70000
    .text C:\Windows\system32\svchost.exe[1692] WS2_32.dll!socket 76C536D1 5 Bytes JMP 00C5000A
    .text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 002B0FE5
    .text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 002B0000
    .text C:\Windows\system32\svchost.exe[1908] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 002B0FD4
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 003D0F77
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 003D0F88
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 003D00F3
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 003D00E2
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 003D007D
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 003D001B
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 003D002C
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 003D00A9
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 003D006C
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 003D0FAF
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 003D005B
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 003D0FC0
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 003D0098
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 003D0118
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 003D000A
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 003D0FEF
    .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 003D0F66
    .text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 003F0FC0
    .text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!system 771A805B 5 Bytes JMP 003F0FDB
    .text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 003F003A
    .text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_open 771AD116 5 Bytes JMP 003F000C
    .text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 003F004B
    .text C:\Windows\system32\svchost.exe[1908] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 003F0029
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 003E0F7C
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 003E0FA8
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 003E000A
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 003E0F8D
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 003E0F61
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 003E0FDE
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 003E0FEF
    .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 003E0FB9
    .text C:\Windows\system32\svchost.exe[1908] WS2_32.dll!socket 76C536D1 5 Bytes JMP 003C0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00040FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 0004000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!NtMapViewOfSection 77304994 5 Bytes JMP 719F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00040FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!KiUserApcDispatcher + E 77305B86 5 Bytes JMP 021DE2B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00010F63
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 000100A9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 00010F12
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00010F2D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 0001007D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00010014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 0001002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!QueueUserWorkItem 76D29114 6 Bytes PUSH 70FE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00010098
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 0001006C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00010040
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 0001005B
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00010FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!SetUnhandledExceptionFilter 76D3A8C5 6 Bytes PUSH 71A30022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00010F7E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00010F01
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00010FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateThread 76D5CB2E 5 Bytes JMP 6A5975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00010FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00010F48
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00150F9B
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 0015002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00150FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00150047
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00150058
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 0015001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00150000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00150FC0
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateDialogParamW 770B72A2 5 Bytes JMP 6A729398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DdeInitializeW 770B7921 6 Bytes PUSH 71740022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!GetAsyncKeyState 770B863C 5 Bytes JMP 6A57DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SetWindowsHookExW 770B87AD 5 Bytes JMP 6A5D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CallNextHookEx 770B8E3B 5 Bytes JMP 6A5F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!UnhookWindowsHookEx 770B98DB 5 Bytes JMP 6A61ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!EnableWindow 770BCD8B 5 Bytes JMP 6A5D9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!RegisterClassExW 770BDA30 6 Bytes PUSH 71AE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DefWindowProcA 770BDB88 7 Bytes JMP 6A59980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateWindowExA 770BDC2A 5 Bytes JMP 6A5A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!RegisterClassA 770BDF42 6 Bytes PUSH 71860022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!RegisterClassW 770BE1AB 6 Bytes PUSH 71A60022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateWindowExW 770C1305 5 Bytes JMP 6A6003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!GetKeyState 770C8CB1 5 Bytes JMP 6A57DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!TranslateMessage 770D01AD 6 Bytes PUSH 716A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DefWindowProcW 770D03B4 7 Bytes JMP 6A5F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!PeekMessageW 770D045A 6 Bytes PUSH 719B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!IsDialogMessageW 770D0745 5 Bytes JMP 6A729AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateDialogParamA 770D17AA 5 Bytes JMP 6A729360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!IsDialogMessage 770D1847 5 Bytes JMP 6A729ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateDialogIndirectParamA 770D26F1 5 Bytes JMP 6A7293D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateDialogIndirectParamW 770D9A62 5 Bytes JMP 6A729408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SetKeyboardState 770E0987 5 Bytes JMP 6A72A3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamW 770E10B0 5 Bytes JMP 6A531893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamW 770E2EF5 5 Bytes JMP 6A72902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SendInput 770E2F75 5 Bytes JMP 6A72A38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!EndDialog 770E326E 5 Bytes JMP 6A729D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SetCursorPos 770F6FB2 5 Bytes JMP 6A72A466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!GetClipboardData 770F715A 6 Bytes PUSH 71700022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamA 770F8152 5 Bytes JMP 6A728FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamA 770F847D 5 Bytes JMP 6A729093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectA 7710D4D9 5 Bytes JMP 6A728F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectW 7710D5D3 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectW 7710D5D3 5 Bytes JMP 6A728ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExA 7710D639 5 Bytes JMP 6A728E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExW 7710D65D 5 Bytes JMP 6A728E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!keybd_event 7710D972 5 Bytes JMP 6A72A34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] GDI32.dll!BitBlt 76C870A6 6 Bytes PUSH 71800022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00220FA6
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] msvcrt.dll!system 771A805B 5 Bytes JMP 00220031
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00220FD2
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] msvcrt.dll!_open 771AD116 5 Bytes JMP 00220FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00220FB7
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 0022000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] SHELL32.dll!SHRestricted + D95 75A989A8 4 Bytes [CF, 01, C6, 6B]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] SHELL32.dll!SHRestricted + D9D 75A989B0 8 Bytes [E0, 61, C5, 6B, 79, F7, C5, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!OleLoadFromStream 76771E80 5 Bytes JMP 6A7297FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!CoCreateInstanceEx 767A9F81 5 Bytes JMP 717C0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetCloseHandle 7697C664 6 Bytes JMP 6B0352A0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetReadFile 7697F8D8 6 Bytes JMP 6B0353C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpAddRequestHeadersA 76982A3C 6 Bytes PUSH 71660022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetQueryDataAvailable 76983184 6 Bytes JMP 6B034D40 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 00230FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 00230FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetConnectA 769A567E 6 Bytes JMP 6B0356C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpOpenRequestA 769A5761 6 Bytes JMP 6B035500 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetConnectW 769A5CFA 6 Bytes PUSH 71420022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpOpenRequestW 769A5FEF 6 Bytes PUSH 715E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpSendRequestW 769A632D 6 Bytes PUSH 714E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 00230014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetSetStatusCallback 769AC7AA 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetReadFileExW 769AF9EE 6 Bytes PUSH 71200022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetReadFileExA 769AFA49 6 Bytes PUSH 71240022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetGetCookieExA 769B2B91 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpSendRequestExW 769BF564 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetWriteFile 769BF6C6 6 Bytes PUSH 71180022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpSendRequestA 769D525A 6 Bytes PUSH 715A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 00230025
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!HttpSendRequestExA 76A1ECD9 6 Bytes PUSH 71560022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WININET.dll!InternetGetCookieA 76A203D2 6 Bytes PUSH 713E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WS2_32.dll!socket 76C536D1 5 Bytes JMP 01570FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WS2_32.dll!connect 76C540D9 5 Bytes JMP 710F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2156] WS2_32.dll!getaddrinfo 76C5418A 5 Bytes JMP 710A0022
    .text C:\Windows\system32\svchost.exe[2324] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 01700FEF
    .text C:\Windows\system32\svchost.exe[2324] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 01700FC3
    .text C:\Windows\system32\svchost.exe[2324] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 01700FDE
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 01780F57
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 0178009D
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 01780F35
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 017800C2
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 01780F8D
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 01780011
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 01780FCA
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 01780078
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 01780F9E
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 01780051
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 01780FAF
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 01780036
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 01780F72
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 01780F10
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 01780FDB
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 01780000
    .text C:\Windows\system32\svchost.exe[2324] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 01780F46
    .text C:\Windows\system32\svchost.exe[2324] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 018D0FBC
    .text C:\Windows\system32\svchost.exe[2324] msvcrt.dll!system 771A805B 5 Bytes JMP 018D0FCD
    .text C:\Windows\system32\svchost.exe[2324] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 018D0022
    .text C:\Windows\system32\svchost.exe[2324] msvcrt.dll!_open 771AD116 5 Bytes JMP 018D0000
    .text C:\Windows\system32\svchost.exe[2324] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 018D0033
    .text C:\Windows\system32\svchost.exe[2324] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 018D0011
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyExA 770039AB 3 Bytes JMP 018C0FA5
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyExA + 4 770039AF 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyA 77003BA9 3 Bytes JMP 018C0FDB
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyA + 4 77003BAD 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyA 770089C7 3 Bytes JMP 018C0000
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyA + 4 770089CB 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 018C0FCA
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 018C0F94
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 018C002C
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 018C0011
    .text C:\Windows\system32\svchost.exe[2324] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 018C003D
    .text C:\Windows\system32\svchost.exe[2324] WS2_32.dll!socket 76C536D1 5 Bytes JMP 01770000
    .text C:\Windows\system32\svchost.exe[2324] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 0176000A
    .text C:\Windows\system32\svchost.exe[2324] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 01760FDE
    .text C:\Windows\system32\svchost.exe[2324] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 01760FEF
    .text C:\Windows\system32\svchost.exe[2324] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 01760FCD
    .text C:\Windows\System32\svchost.exe[2360] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 0005000A
    .text C:\Windows\System32\svchost.exe[2360] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 0005001B
    .text C:\Windows\System32\svchost.exe[2360] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00050FEF
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00060F55
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 0006009B
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 000600E2
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 000600D1
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 0006005B
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00060FC3
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 0006001E
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00060080
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 0006004A
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00060FA8
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 00060F97
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 0006002F
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00060F66
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00060F30
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00060FDE
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00060FEF
    .text C:\Windows\System32\svchost.exe[2360] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 000600C0
    .text C:\Windows\System32\svchost.exe[2360] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00080F92
    .text C:\Windows\System32\svchost.exe[2360] msvcrt.dll!system 771A805B 5 Bytes JMP 00080FB7
    .text C:\Windows\System32\svchost.exe[2360] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 0008001D
    .text C:\Windows\System32\svchost.exe[2360] msvcrt.dll!_open 771AD116 5 Bytes JMP 00080FEF
    .text C:\Windows\System32\svchost.exe[2360] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00080FC8
    .text C:\Windows\System32\svchost.exe[2360] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 0008000C
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00070F8A
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00070FA5
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00070000
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 0007002C
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00070047
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00070011
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00070FE5
    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegOpenKeyExW
     
  7. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    .text C:\Windows\System32\svchost.exe[2360] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00070FC0
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2648] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 702C9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2648] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 702C99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00040FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 00040FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtMapViewOfSection 77304994 5 Bytes JMP 719F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00040000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ntdll.dll!KiUserApcDispatcher + E 77305B86 5 Bytes JMP 01B6E2B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00010F34
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00010084
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 00010EFE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00010F0F
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00010062
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 0001001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00010FC0
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!QueueUserWorkItem 76D29114 6 Bytes PUSH 70FE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00010073
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 00010F7E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 0001002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 0001003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00010FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!SetUnhandledExceptionFilter 76D3A8C5 6 Bytes PUSH 71A30022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00010F63
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00010EED
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateThread 76D5CB2E 5 Bytes JMP 6A5975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00010FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00010095
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyExA 770039AB 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00050FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00050051
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00050FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00050FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00050F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 0005002F
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00050014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00050040
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogParamW 770B72A2 5 Bytes JMP 6A729398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DdeInitializeW 770B7921 6 Bytes PUSH 71740022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!GetAsyncKeyState 770B863C 5 Bytes JMP 6A57DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetWindowsHookExW 770B87AD 5 Bytes JMP 6A5D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CallNextHookEx 770B8E3B 5 Bytes JMP 6A5F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!UnhookWindowsHookEx 770B98DB 5 Bytes JMP 6A61ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!EnableWindow 770BCD8B 5 Bytes JMP 6A5D9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!RegisterClassExW 770BDA30 6 Bytes PUSH 71AE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DefWindowProcA 770BDB88 7 Bytes JMP 6A59980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateWindowExA 770BDC2A 5 Bytes JMP 6A5A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!RegisterClassA 770BDF42 6 Bytes PUSH 71860022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!RegisterClassW 770BE1AB 6 Bytes PUSH 71A60022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateWindowExW 770C1305 5 Bytes JMP 6A6003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!GetKeyState 770C8CB1 5 Bytes JMP 6A57DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!TranslateMessage 770D01AD 6 Bytes PUSH 716A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DefWindowProcW 770D03B4 7 Bytes JMP 6A5F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!PeekMessageW 770D045A 6 Bytes PUSH 719B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!IsDialogMessageW 770D0745 5 Bytes JMP 6A729AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogParamA 770D17AA 5 Bytes JMP 6A729360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!IsDialogMessage 770D1847 5 Bytes JMP 6A729ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogIndirectParamA 770D26F1 5 Bytes JMP 6A7293D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!CreateDialogIndirectParamW 770D9A62 5 Bytes JMP 6A729408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetKeyboardState 770E0987 5 Bytes JMP 6A72A3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamW 770E10B0 5 Bytes JMP 6A531893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamW 770E2EF5 5 Bytes JMP 6A72902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SendInput 770E2F75 5 Bytes JMP 6A72A38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!EndDialog 770E326E 5 Bytes JMP 6A729D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!SetCursorPos 770F6FB2 5 Bytes JMP 6A72A466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!GetClipboardData 770F715A 6 Bytes PUSH 71700022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamA 770F8152 5 Bytes JMP 6A728FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamA 770F847D 5 Bytes JMP 6A729093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectA 7710D4D9 5 Bytes JMP 6A728F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectW 7710D5D3 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectW 7710D5D3 5 Bytes JMP 6A728ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExA 7710D639 5 Bytes JMP 6A728E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExW 7710D65D 5 Bytes JMP 6A728E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!keybd_event 7710D972 5 Bytes JMP 6A72A34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] GDI32.dll!BitBlt 76C870A6 6 Bytes PUSH 71800022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 0006004E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!system 771A805B 5 Bytes JMP 00060FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00060FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_open 771AD116 5 Bytes JMP 00060FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00060033
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 0006000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] SHELL32.dll!SHRestricted + D95 75A989A8 4 Bytes [CF, 01, C6, 6B]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] SHELL32.dll!SHRestricted + D9D 75A989B0 8 Bytes [E0, 61, C5, 6B, 79, F7, C5, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!OleLoadFromStream 76771E80 5 Bytes JMP 6A7297FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] ole32.dll!CoCreateInstanceEx 767A9F81 5 Bytes JMP 717C0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetCloseHandle 7697C664 6 Bytes JMP 6B0352A0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetReadFile 7697F8D8 6 Bytes JMP 6B0353C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpAddRequestHeadersA 76982A3C 6 Bytes PUSH 71660022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetQueryDataAvailable 76983184 6 Bytes JMP 6B034D40 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 00070000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 00070FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetConnectA 769A567E 6 Bytes JMP 6B0356C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpOpenRequestA 769A5761 6 Bytes JMP 6B035500 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetConnectW 769A5CFA 6 Bytes PUSH 71420022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpOpenRequestW 769A5FEF 6 Bytes PUSH 715E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpSendRequestW 769A632D 6 Bytes PUSH 714E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 00070FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetSetStatusCallback 769AC7AA 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetReadFileExW 769AF9EE 6 Bytes PUSH 71200022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetReadFileExA 769AFA49 6 Bytes PUSH 71240022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetGetCookieExA 769B2B91 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpSendRequestExW 769BF564 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetWriteFile 769BF6C6 6 Bytes PUSH 71180022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpSendRequestA 769D525A 6 Bytes PUSH 715A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 00070025
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!HttpSendRequestExA 76A1ECD9 6 Bytes PUSH 71560022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WININET.dll!InternetGetCookieA 76A203D2 6 Bytes PUSH 713E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WS2_32.dll!socket 76C536D1 5 Bytes JMP 002D0FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WS2_32.dll!connect 76C540D9 5 Bytes JMP 710F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[2720] WS2_32.dll!getaddrinfo
     
  8. 2012/09/27
    PAUL SHILLAM Well-Known Member Thread Starter

    .text C:\Windows\system32\svchost.exe[2944] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00040000
    .text C:\Windows\system32\svchost.exe[2944] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 00040FEF
    .text C:\Windows\system32\svchost.exe[2944] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 0004001B
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 0001008B
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00010F3B
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 000100A6
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00010F0F
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00010070
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00010011
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00010FC0
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00010F56
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 0001005F
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00010033
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 0001004E
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00010022
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00010F71
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00010EEA
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00010FDB
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00010F2A
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00060055
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!system 771A805B 5 Bytes JMP 00060FD4
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00060029
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_open 771AD116 5 Bytes JMP 00060FEF
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wcreat 771AD336 1 Byte [E9]
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 0006003A
    .text C:\Windows\system32\svchost.exe[2944] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 0006000C
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 000B0F83
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 000B0025
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 000B0FE5
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 000B0FA8
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 000B0040
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 000B0FB9
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 000B0FD4
    .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 000B000A
    .text C:\Windows\system32\svchost.exe[2944] WS2_32.dll!socket 76C536D1 5 Bytes JMP 000C0000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 0004000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 00040FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ntdll.dll!NtMapViewOfSection 77304994 5 Bytes JMP 719F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 0004001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ntdll.dll!KiUserApcDispatcher + E 77305B86 5 Bytes JMP 0242E2B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00010098
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00010F52
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 000100CE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 000100B3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00010062
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00010FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00010FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!QueueUserWorkItem 76D29114 6 Bytes PUSH 70FE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 00010F6D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 00010F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00010036
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 00010051
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 0001001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!SetUnhandledExceptionFilter 76D3A8C5 6 Bytes PUSH 71A30022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 0001007D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 000100DF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00010FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateThread 76D5CB2E 5 Bytes JMP 6A5975E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00010F37
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00050047
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 0005001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00050000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00050036
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00050058
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 00050FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 00050FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00050FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateDialogParamW 770B72A2 5 Bytes JMP 6A729398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DdeInitializeW 770B7921 6 Bytes PUSH 71740022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!GetAsyncKeyState 770B863C 5 Bytes JMP 6A57DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetWindowsHookExW 770B87AD 5 Bytes JMP 6A5D25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CallNextHookEx 770B8E3B 5 Bytes JMP 6A5F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!UnhookWindowsHookEx 770B98DB 5 Bytes JMP 6A61ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!EnableWindow 770BCD8B 5 Bytes JMP 6A5D9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!RegisterClassExW 770BDA30 6 Bytes PUSH 71AE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DefWindowProcA 770BDB88 7 Bytes JMP 6A59980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateWindowExA 770BDC2A 5 Bytes JMP 6A5A3643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!RegisterClassA 770BDF42 6 Bytes PUSH 71860022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!RegisterClassW 770BE1AB 6 Bytes PUSH 71A60022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateWindowExW 770C1305 5 Bytes JMP 6A6003CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!GetKeyState 770C8CB1 5 Bytes JMP 6A57DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!TranslateMessage 770D01AD 6 Bytes PUSH 716A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DefWindowProcW 770D03B4 7 Bytes JMP 6A5F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!PeekMessageW 770D045A 6 Bytes PUSH 719B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!IsDialogMessageW 770D0745 5 Bytes JMP 6A729AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateDialogParamA 770D17AA 5 Bytes JMP 6A729360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!IsDialogMessage 770D1847 5 Bytes JMP 6A729ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateDialogIndirectParamA 770D26F1 5 Bytes JMP 6A7293D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateDialogIndirectParamW 770D9A62 5 Bytes JMP 6A729408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetKeyboardState 770E0987 5 Bytes JMP 6A72A3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamW 770E10B0 5 Bytes JMP 6A531893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamW 770E2EF5 5 Bytes JMP 6A72902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SendInput 770E2F75 5 Bytes JMP 6A72A38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!EndDialog 770E326E 5 Bytes JMP 6A729D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetCursorPos 770F6FB2 5 Bytes JMP 6A72A466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!GetClipboardData 770F715A 6 Bytes PUSH 71700022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamA 770F8152 5 Bytes JMP 6A728FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamA 770F847D 5 Bytes JMP 6A729093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectA 7710D4D9 5 Bytes JMP 6A728F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectW 7710D5D3 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectW 7710D5D3 5 Bytes JMP 6A728ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExA 7710D639 5 Bytes JMP 6A728E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExW 7710D65D 5 Bytes JMP 6A728E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!keybd_event 7710D972 5 Bytes JMP 6A72A34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!BitBlt 76C870A6 6 Bytes PUSH 71800022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 00060FA8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] msvcrt.dll!system 771A805B 5 Bytes JMP 00060033
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00060FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] msvcrt.dll!_open 771AD116 5 Bytes JMP 00060FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00060018
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 00060FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] SHELL32.dll!SHRestricted + D95 75A989A8 4 Bytes [CF, 01, C6, 6B]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] SHELL32.dll!SHRestricted + D9D 75A989B0 8 Bytes [E0, 61, C5, 6B, 79, F7, C5, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!OleLoadFromStream 76771E80 5 Bytes JMP 6A7297FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!CoCreateInstanceEx 767A9F81 5 Bytes JMP 717C0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetCloseHandle 7697C664 6 Bytes JMP 6B0352A0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetReadFile 7697F8D8 6 Bytes JMP 6B0353C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpAddRequestHeadersA 76982A3C 6 Bytes PUSH 71660022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetQueryDataAvailable 76983184 6 Bytes JMP 6B034D40 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 0007000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 0007001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetConnectA 769A567E 6 Bytes JMP 6B0356C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpOpenRequestA 769A5761 6 Bytes JMP 6B035500 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetConnectW 769A5CFA 6 Bytes PUSH 71420022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpOpenRequestW 769A5FEF 6 Bytes PUSH 715E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpSendRequestW 769A632D 6 Bytes PUSH 714E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 00070FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetSetStatusCallback 769AC7AA 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetReadFileExW 769AF9EE 6 Bytes PUSH 71200022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetReadFileExA 769AFA49 6 Bytes PUSH 71240022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetGetCookieExA 769B2B91 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpSendRequestExW 769BF564 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetWriteFile 769BF6C6 6 Bytes PUSH 71180022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpSendRequestA 769D525A 6 Bytes PUSH 715A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 00070040
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!HttpSendRequestExA 76A1ECD9 6 Bytes PUSH 71560022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WININET.dll!InternetGetCookieA 76A203D2 6 Bytes PUSH 713E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!socket 76C536D1 5 Bytes JMP 003D000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!connect 76C540D9 5 Bytes JMP 710F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!getaddrinfo 76C5418A 5 Bytes JMP 710A0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ntdll.dll!NtCreateFile 77304244 5 Bytes JMP 00040FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ntdll.dll!NtCreateProcess 77304304 5 Bytes JMP 00040014
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ntdll.dll!NtMapViewOfSection 77304994 5 Bytes JMP 719F0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ntdll.dll!NtProtectVirtualMemory 77304BA4 5 Bytes JMP 00040FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ntdll.dll!KiUserApcDispatcher + E 77305B86 5 Bytes JMP 0242E2B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 000100C4
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00010F7E
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 000100FA
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 000100DF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00010FAA
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00010FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00010022
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!QueueUserWorkItem 76D29114 6 Bytes PUSH 70F90022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreatePipe 76D38F06 5 Bytes JMP 000100B3
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!LoadLibraryExW 76D3927C 5 Bytes JMP 00010084
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!LoadLibraryW 76D39400 5 Bytes JMP 00010058
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!LoadLibraryExA 76D39554 5 Bytes JMP 00010069
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!LoadLibraryA 76D3957C 5 Bytes JMP 00010033
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!SetUnhandledExceptionFilter 76D3A8C5 6 Bytes PUSH 71A30022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!VirtualProtectEx 76D3DC52 5 Bytes JMP 00010F99
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!GetProcAddress 76D5925B 5 Bytes JMP 00010F48
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreateFileW 76D5B0EB 5 Bytes JMP 00010011
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!CreateFileA 76D5D07F 5 Bytes JMP 00010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] kernel32.dll!WinExec 76DA60CF 5 Bytes JMP 00010F63
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegCreateKeyExA 770039AB 5 Bytes JMP 00050F8A
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegCreateKeyA 77003BA9 5 Bytes JMP 00050FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegOpenKeyA 770089C7 5 Bytes JMP 00050FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegCreateKeyW 7701391E 5 Bytes JMP 00050FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegCreateKeyExW 770141F1 5 Bytes JMP 00050051
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegOpenKeyExA 77017C42 5 Bytes JMP 0005001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegOpenKeyW 7701E2B5 5 Bytes JMP 0005000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ADVAPI32.dll!RegOpenKeyExW 77027BA1 5 Bytes JMP 00050036
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!DdeInitializeW 770B7921 6 Bytes PUSH 71750022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!EnableWindow 770BCD8B 5 Bytes JMP 6A5D9EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!RegisterClassExW 770BDA30 6 Bytes PUSH 71AE0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!CreateWindowExA 770BDC2A 6 Bytes JMP 7192000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!RegisterClassA 770BDF42 6 Bytes PUSH 71880022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!RegisterClassW 770BE1AB 6 Bytes PUSH 71A60022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!CreateWindowExW 770C1305 6 Bytes JMP 7196000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!TranslateMessage 770D01AD 6 Bytes PUSH 716B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!PeekMessageW 770D045A 6 Bytes PUSH 719B0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!DialogBoxParamW 770E10B0 5 Bytes JMP 6A531893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!DialogBoxIndirectParamW 770E2EF5 5 Bytes JMP 6A72902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!GetClipboardData 770F715A 6 Bytes PUSH 71710022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!DialogBoxParamA 770F8152 5 Bytes JMP 6A728FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!DialogBoxIndirectParamA 770F847D 5 Bytes JMP 6A729093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!MessageBoxIndirectA 7710D4D9 5 Bytes JMP 6A728F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!MessageBoxIndirectW 7710D5D3 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!MessageBoxIndirectW 7710D5D3 5 Bytes JMP 6A728ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!MessageBoxExA 7710D639 5 Bytes JMP 6A728E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] USER32.dll!MessageBoxExW 7710D65D 5 Bytes JMP 6A728E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] GDI32.dll!BitBlt 76C870A6 6 Bytes PUSH 71820022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] msvcrt.dll!_wsystem 771A7F3F 5 Bytes JMP 0022005F
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] msvcrt.dll!system 771A805B 5 Bytes JMP 0022003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] msvcrt.dll!_creat 771ABBF1 5 Bytes JMP 00220029
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] msvcrt.dll!_open 771AD116 5 Bytes JMP 00220FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] msvcrt.dll!_wcreat 771AD336 5 Bytes JMP 00220FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] msvcrt.dll!_wopen 771AD511 5 Bytes JMP 0022000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ole32.dll!CoCreateInstance 767A9F3E 6 Bytes JMP 718E000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] ole32.dll!CoCreateInstanceEx 767A9F81 5 Bytes JMP 717D0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetCloseHandle 7697C664 6 Bytes PUSH 71460022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetReadFile 7697F8D8 6 Bytes PUSH 71240022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpAddRequestHeadersA 76982A3C 6 Bytes PUSH 71670022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetQueryDataAvailable 76983184 6 Bytes PUSH 71280022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetOpenA 7698D5E8 5 Bytes JMP 00230FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetOpenUrlA 7699E1C6 5 Bytes JMP 00230FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetConnectA 769A567E 6 Bytes PUSH 71420022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpOpenRequestA 769A5761 6 Bytes PUSH 71630022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetConnectW 769A5CFA 6 Bytes PUSH 713E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpOpenRequestW 769A5FEF 6 Bytes PUSH 715F0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpSendRequestW 769A632D 6 Bytes PUSH 714A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetOpenW 769AC596 5 Bytes JMP 00230FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetSetStatusCallback 769AC7AA 6 Bytes PUSH 71180022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetReadFileExW 769AF9EE 6 Bytes PUSH 711C0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetReadFileExA 769AFA49 6 Bytes PUSH 71200022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetGetCookieExA 769B2B91 6 Bytes PUSH 71360022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpSendRequestExW 769BF564 6 Bytes PUSH 714E0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetWriteFile 769BF6C6 6 Bytes PUSH 71140022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpSendRequestA 769D525A 6 Bytes PUSH 71560022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetOpenUrlW 769FDBF8 5 Bytes JMP 00230014
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!HttpSendRequestExA 76A1ECD9 6 Bytes PUSH 71520022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WININET.dll!InternetGetCookieA 76A203D2 6 Bytes PUSH 713A0022; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WS2_32.dll!socket 76C536D1 5 Bytes JMP 00840FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WS2_32.dll!connect 76C540D9 5 Bytes JMP 710B0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[6584] WS2_32.dll!getaddrinfo 76C5418A 5 Bytes JMP 71060022
     
  9. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    [6BC5F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6BC6F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6BC7072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6BC6F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6BC6F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6BC60ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BC56D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] 71900000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] 71950000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6BC6D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6BC6D557] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6BC56692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6BC72FB4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6BC7327D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6BC73B2F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6BC5EEBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6BC619CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6BC560B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6BC60859] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6BC73983] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6BC733C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6BC61555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6BC57278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6BC60E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6BC73E89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6BC5F30B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6BC73FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6BC73D27] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6BC5FCC5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6BC6A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6BC707CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6BC6E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6BC6A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6BC6B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6BC6B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6BC6C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6BC6F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6BC6BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6BC69F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BC55EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6BC67F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6BC6E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6BC6FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6BC6F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6BC69AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6BC60ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6BC6029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6BC6A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6BC6ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6BC6EE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6BC56291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6BC6C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6BC6939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6BC55F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6BC6E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6BC69C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BC54E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6BC563E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6BC6968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BC56D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6BC6997F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] 71950000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6BC6CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6BC6D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6BC6D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6BC70DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6BC5F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6BC5F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6BC70D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6BC71F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6BC71095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6BC5FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6BC712D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6BC5FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6BC71542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6BC71590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6BC71C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6BC71191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6BC71BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6BC719EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6BC5E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6BC71B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6BC7136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6BC7162F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6BC71284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6BC7194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6BC70F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2720] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6BC72769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
     
  10. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6BC560B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6BC60859] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6BC73983] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6BC733C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6BC61555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6BC57278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6BC60E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6BC73E89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6BC5F30B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6BC73FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6BC73D27] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6BC5FCC5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6BC6A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6BC707CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6BC6E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6BC6A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6BC6B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6BC6B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6BC6C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6BC6F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6BC6BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6BC69F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BC55EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6BC67F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6BC6E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6BC6FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6BC6F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6BC69AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6BC60ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6BC6029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6BC6A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6BC6ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6BC6EE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6BC56291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6BC6C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6BC6939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6BC55F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6BC6E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6BC69C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BC54E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6BC563E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6BC6968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BC56D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6BC6997F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CreateWindowExW] 71950000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6BC6CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6BC6D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6BC6D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6BC70DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6BC5F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6BC5F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6BC70D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6BC71F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6BC71095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6BC5FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6BC712D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6BC5FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6BC71542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6BC71590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6BC71C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6BC71191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6BC71BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6BC719EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6BC5E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6BC71B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6BC7136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6BC7162F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6BC71284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6BC7194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6BC70F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6BC72769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6BC72937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6BC57430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6BC60178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6BC5FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6BC54984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6BC7140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6BC717B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6BC7171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6BC71CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6BC718A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6BC5FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6BC55D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6BC54927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6BC70F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6BC72028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6BC72B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6BC720D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6BC7218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6BC60123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6BC71F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6BC68C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6BC6F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6BC6FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BC55EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6BC6029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6BC67F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6BC6C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6BC69C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6BC6968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6BC563E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BC54E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6BC55F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BC56D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW] 71950000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6BC5F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6BC71F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6BC72028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6BC72B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6BC72B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6BC60178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [6BC564C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6BC54CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6BC54927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
     
  11. 2012/09/27
    PAUL SHILLAM Well-Known Member Thread Starter

    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6BC54984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6BC56528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW] 71950000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6BC547BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[6584] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 71AB0000

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e80ab0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9e80ab0@c8979f3e04cb 0x88 0xB5 0x5F 0x63 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9e80ab0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9e80ab0@c8979f3e04cb 0x88 0xB5 0x5F 0x63 ...

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Trusteer\Rapport\store\user\fsm_service_var_1.js.data 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  12. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Here is the aswMBR Log
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-27 13:18:20
    -----------------------------
    13:18:20.976 OS Version: Windows 6.0.6002 Service Pack 2
    13:18:20.977 Number of processors: 2 586 0xF0D
    13:18:21.031 ComputerName: SUES-LAPTOP UserName: shillam
    13:18:45.602 Initialize success
    13:19:06.815 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    13:19:06.824 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
    13:19:07.058 Disk 0 MBR read successfully
    13:19:07.076 Disk 0 MBR scan
    13:19:07.082 Disk 0 Windows VISTA default MBR code
    13:19:07.092 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
    13:19:07.209 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 241664
    13:19:07.229 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139708 MB offset 21213184
    13:19:07.237 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
    13:19:07.377 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
    13:19:07.580 Disk 0 scanning sectors +312578048
    13:19:08.114 Disk 0 scanning C:\Windows\system32\drivers
    13:21:20.716 Service scanning
    13:22:03.214 Modules scanning
    13:24:41.843 Disk 0 trace - called modules:
    13:24:42.287 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    13:24:42.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2b82a0]
    13:24:42.524 3 CLASSPNP.SYS[8d79d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a410030]
    13:24:42.556 Scan finished successfully
    13:25:46.613 Disk 0 MBR has been saved successfully to "C:\Users\shillam\Desktop\MBR.dat"
    13:25:46.694 The log file has been saved successfully to "C:\Users\shillam\Desktop\aswMBR.txt"
     
  13. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    DDS Log

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by shillam at 13:34:42 on 2012-09-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.604 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\lxdjcoms.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
     
  14. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&pid=dell&synd=dell&client=dell-usuk&channel=uk&ibd=2071122&channel=uk&client=dell-usuk&ibd=2071122
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzutAtN2Y1L1QzutDtDtC0D0Dzy0EzztD0A0BtD0DtA0AtBtN0D0TzutBtDtCtBtDyCtByB&cr=1851167175
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant =
    uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120627134102.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Driver Manager] c:\program files\driver manager\driver manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
    uRun: [HP Officejet 4620 series (NET)] "c:\program files\hp\hp officejet 4620 series\bin\ScanToPCActivationApp.exe" -deviceID "CN229110NG05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
    uRun: [<NO NAME>]
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\what's~1.lnk - c:\program files\what's my computer doing\WhatsMyComputerDoing.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{3AE2B734-CE77-4B1F-83F0-1662C4429131} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4} : DhcpNameServer = 192.168.1.254 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\599\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 464304]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-29 64912]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-29 169608]
    R1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-9 228376]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-7-29 71480]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-11-22 179712]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-29 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-12 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-12 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-29 340920]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-9 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-8-9 11136]
    S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-8-9 85760]
    S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2011-8-9 51456]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-9 72832]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2011-8-9 26496]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-29 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-12 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-12 40552]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-7-29 65848]
    S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-7-29 166840]
    .
    =============== File Associations ===============
    .
    .scr=DWGTrueViewScriptFile
    .
    =============== Created Last 30 ================
    .
    2012-09-27 08:19:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-27 08:19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-25 07:34:23 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fd53382a-8225-429b-80bb-8e348f9137e1}\mpengine.dll
    2012-09-22 15:38:14 -------- d-----w- c:\users\shillam\appdata\roaming\Systweak
    2012-09-22 15:38:07 15544 ----a-w- c:\windows\system32\roboot.exe
    2012-08-29 07:45:50 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2012-09-21 14:25:12 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-21 14:25:12 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-29 19:52:38 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 13:37:52.16 ===============
     
  15. 2012/09/27
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Attach.txt

    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 22/11/2007 12:00:25
    System Uptime: 27/09/2012 07:57:32 (6 hours ago)
    .
    Motherboard: Dell Inc. | | 0N6705
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | Microprocessor | 1000/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 74.245 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.431 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0002
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0002
    Service: tunmp
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&134F7A6D&0&C8979F3E04CB_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&134F7A6D&0&C8979F3E04CB_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&134F7A6D&0&C8979F3E04CB_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&134F7A6D&0&C8979F3E04CB_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&134F7A6D&0&C8979F3E04CB_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00E7\8&134F7A6D&0&C8979F3E04CB_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP905: 18/09/2012 08:08:35 - Windows Update
    RP906: 21/09/2012 09:10:35 - Windows Update
    RP907: 22/09/2012 13:01:39 - Windows Update
    RP909: 22/09/2012 16:47:01 - RegClean Pro Sat, Sep 22, 12 16:46
    RP910: 23/09/2012 14:39:21 - Removed iTunes
    RP911: 23/09/2012 15:01:17 - Removed Apple Mobile Device Support
    RP912: 23/09/2012 15:06:05 - Removed Safari
    RP913: 23/09/2012 15:13:43 - Removed Bonjour
    RP914: 23/09/2012 15:14:33 - Removed calibre
    RP915: 23/09/2012 15:21:08 - Removed calibre
    RP916: 23/09/2012 15:23:39 - Removed Apple Software Update
    RP917: 23/09/2012 15:26:25 - Removed Java(TM) SE Runtime Environment 6
    RP919: 23/09/2012 15:30:38 - Removed Live! Cam Avatar Creator
    RP921: 23/09/2012 15:31:34 - Removed Live! Cam Avatar
    RP922: 23/09/2012 15:33:09 - Removed Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazon Kindle
    Apple Application Support
    BelkinPort Monitor
    Bing Bar
    Broadcom Management Programs
    Browser Address Error Redirector
    BT NetProtect Plus
    BT Yahoo! Applications
    Canon ScanGear Toolbox 3.0
    CDDRV_Installer
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Getting Started Guide
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    DellSupport
    Driver Manager
    DWG TrueView 2008
    ESET Online Scanner v3
    Fritz 12
    Google Desktop
    Google Quick Search Box
    Google SketchUp 8
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist Corporate
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet 4620 series Basic Device Software
    HP Officejet 4620 series Help
    HP Officejet 4620 series Product Improvement Study
    HP Update
    I.R.I.S. OCR
    iCloud
    Inbox Toolbar
    Internet From BT
    Junk Mail filter update
    KhalInstallWrapper
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Lexmark 1400 Series
    LiveUpdate Notice (Symantec Corporation)
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.65.0.1400
    McAfee Security Scan Plus
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Personal Folders Backup
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft_VC100_CRT_SP1_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    Nokia Connectivity Cable Driver
    Nokia Suite
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    PC Connectivity Solution
    PRS-500 USB driver
    Quicken 2004
    QuickSet
    Rapport
    Reader Library by Sony
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Segoe UI
    Skype™ 5.10
    Sonic Activation Module
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    Vista Codec Package
    What's my computer doing 1.xx
    WIDCOMM Bluetooth Software 6.0.1.3100
    Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0)
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yontoo 1.10.02
    .
    ==== End Of File ===========================
     
  16. 2012/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===========================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  17. 2012/09/28
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    I have run TDSSKiller; it said no threats found. Do you still want the report, as it is very long and would have to be split into several posts?
    Paul
     
  18. 2012/09/28
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Here is the RogueKiller report

    RogueKiller V8.0.5 [09/23/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : shillam [Admin rights]
    Mode : Remove -- Date : 09/28/2012 09:57:45

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM160HI +++++
    --- User ---
    [MBR] a77d3162f9bb33488c9a3178c5195ff0
    [BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 117 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 241664 | Size: 10240 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21213184 | Size: 139708 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 307335168 | Size: 2560 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
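
An added example, not part of the original post and not RogueKiller's own code: a small Python triage of the registry section of the report above. The line grammar and the reading of `[ON_D:]` as the external hive on D: are inferred from the report and are assumptions; `parse` and `triage` are hypothetical helper names.

```python
import re

# Registry section copied from the RogueKiller report in the post above.
REPORT = r"""[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)
"""

# Line grammar inferred from those lines (an assumption, not a RogueKiller spec):
# [TAG]... [ON_<drive>:]<key> : <value name> (<old data>) -> <ACTION> (<new data>)
LINE = re.compile(
    r"^(?P<tags>(?:\[[A-Z_ ]+\])+)\s+"       # one or more [TAG] markers
    r"(?:\[ON_(?P<drive>[A-Z]):\])?"         # optional external-hive marker
    r"(?P<key>\S+) : (?P<name>\S+) "         # abbreviated key path and value name
    r"\((?P<old>.*?)\) -> (?P<action>[A-Z]+)"
    r"(?: \((?P<new>.*)\))?$"                # new data is absent for DELETED
)

def parse(report):
    """Return one dict per registry entry line; other lines are skipped."""
    entries = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["tags"] = re.findall(r"\[([A-Z_ ]+)\]", e["tags"])
            entries.append(e)
    return entries

def triage(entries):
    """Return (entry, reason) pairs for changes worth a manual look."""
    flagged = []
    for e in entries:
        where = f"offline hive on {e['drive']}:" if e["drive"] else "live registry"
        if e["key"].endswith("\\Winlogon") and e["name"] == "Shell":
            # Windows' default logon shell is explorer.exe.
            if e["old"].strip().lower() != "explorer.exe":
                flagged.append((e, f"non-default logon shell in {where}"))
        elif e["name"].startswith("Disable") and e["old"] != "0":
            # A Disable* policy only restricts the user when its data is non-zero.
            flagged.append((e, f"restriction policy was enforced in {where}"))
    return flagged

if __name__ == "__main__":
    for e, reason in triage(parse(REPORT)):
        print(f"{e['name']}: {e['old']!r} -> {e['action']} {e['new']!r} ({reason})")
```

Of the six entries, only the Winlogon Shell change is flagged; the two Disable* policies had data 0 and were not restricting anything. An entry on an offline hive describes a different Windows installation than the running one, so identify which installation it belongs to before relying on the replacement.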
     
  19. 2012/09/28
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-28 10:05:44
    -----------------------------
    10:05:44.058 OS Version: Windows 6.0.6002 Service Pack 2
    10:05:44.059 Number of processors: 2 586 0xF0D
    10:05:44.060 ComputerName: SUES-LAPTOP UserName: shillam
    10:05:52.887 Initialize success
    10:07:31.597 AVAST engine defs: 12092701
    10:07:39.447 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    10:07:39.447 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
    10:07:39.497 Disk 0 MBR read successfully
    10:07:39.507 Disk 0 MBR scan
    10:07:39.537 Disk 0 Windows VISTA default MBR code
    10:07:39.557 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
    10:07:39.587 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 241664
    10:07:39.617 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139708 MB offset 21213184
    10:07:39.637 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
    10:07:39.747 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
    10:07:39.797 Disk 0 scanning sectors +312578048
    10:07:39.967 Disk 0 scanning C:\Windows\system32\drivers
    10:08:21.687 Service scanning
    10:09:08.907 Modules scanning
    10:09:29.897 Disk 0 trace - called modules:
    10:09:29.957 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    10:09:29.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae8b670]
    10:09:29.997 3 CLASSPNP.SYS[8d7a28b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a40e030]
    10:09:30.897 AVAST engine scan C:\Windows
    10:09:39.127 AVAST engine scan C:\Windows\system32
    10:17:45.352 AVAST engine scan C:\Windows\system32\drivers
    10:18:17.612 AVAST engine scan C:\Users\shillam
    11:05:05.634 AVAST engine scan C:\ProgramData
    11:24:15.443 Scan finished successfully
    11:30:48.617 Disk 0 MBR has been saved successfully to "C:\Users\shillam\Desktop\MBR.dat "
    11:30:48.667 The log file has been saved successfully to "C:\Users\shillam\Desktop\aswMBR.txt "
    11:33:53.462 Disk 0 MBR has been saved successfully to "C:\Users\shillam\Desktop\MBR.dat "
    11:33:53.492 The log file has been saved successfully to "C:\Users\shillam\Desktop\aswMBR.txt "
     
  20. 2012/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  21. 2012/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    dupe...
     
