GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-20 00:04:29 Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\Dad\AppData\Local\Temp\pwldapow.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1AAF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1A104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1A3F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E032D8 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E02898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1A1DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1A958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1A6F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1AF2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1B1A8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA15A750A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA15A732E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA15A7468] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E7A599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E9EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} PAGE ntkrnlpa.exe!ZwLoadDriver 82FD8279 7 Bytes JMP A15A746C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8303FFA7 5 Bytes JMP A15A34AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83059CA7 5 Bytes JMP A15A49E4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!NtCreateSection 83067D23 7 Bytes JMP A15A7332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 83111EAA 7 Bytes JMP A15A750E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) .text peauth.sys 9E4A4C9D 28 Bytes [D5, 9C, 05, 14, 23, 44, 66, ...] .text peauth.sys 9E4A4CC1 28 Bytes [D5, 9C, 05, 14, 23, 44, 66, ...] PAGE peauth.sys 9E4AAB9B 72 Bytes [C9, BF, D9, 1F, 62, F0, 11, ...] PAGE peauth.sys 9E4AABEC 111 Bytes [19, EB, 95, DA, 42, 0A, 11, ...] PAGE peauth.sys 9E4AAE20 101 Bytes [0B, 2C, 76, CF, 93, 14, AC, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!CreateDialogParamW 75D99BFF 5 Bytes JMP 6A6FC548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!EnableWindow 75D9A72E 5 Bytes JMP 6A6FC4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!GetAsyncKeyState 75D9C09A 5 Bytes JMP 6A6BD6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!UnhookWindowsHookEx 75D9CC7B 5 Bytes JMP 6A7B82FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!CallNextHookEx 75D9CC8F 5 Bytes JMP 6A799D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!CreateWindowExW 75DA0E51 5 Bytes JMP 6A7A80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!SetWindowsHookExW 75DA210A 5 Bytes JMP 6A7545DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!GetKeyState 75DA4FDA 5 Bytes JMP 6A6FD73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!IsDialogMessageW 75DA6F06 5 Bytes JMP 6A6C425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!CreateDialogParamA 75DB3E79 5 Bytes JMP 6A8CFE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!IsDialogMessage 75DB407A 5 Bytes JMP 6A8CF6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!CreateDialogIndirectParamA 75DB9110 5 Bytes JMP 6A8CFE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!CreateDialogIndirectParamW 75DC08AD 5 Bytes JMP 6A8CFE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!DialogBoxIndirectParamW 75DC4AA7 5 Bytes JMP 6A8CF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!EndDialog 75DC555C 5 Bytes JMP 6A6C5AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!DialogBoxParamW 75DC564A 5 Bytes JMP 6A6C4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!SetKeyboardState 75DC6B52 5 Bytes JMP 6A8CFA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!SendInput 75DC7055 5 Bytes JMP 6A8D05E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!SetCursorPos 75DDC1D8 5 Bytes JMP 6A8D0640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!DialogBoxParamA 75DDCF6A 5 Bytes JMP 6A8CF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!DialogBoxIndirectParamA 75DDD29C 5 Bytes JMP 6A8CF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!MessageBoxIndirectA 75DEE8C9 5 Bytes JMP 6A8CF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!MessageBoxIndirectW 75DEE9C3 5 Bytes JMP 6A8CF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!MessageBoxExA 75DEEA29 5 Bytes JMP 6A8CF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!MessageBoxExW 75DEEA4D 5 Bytes JMP 6A8CF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] USER32.dll!keybd_event 75DEEC9B 5 Bytes JMP 6A8D0973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] SHELL32.dll!SHChangeNotification_Lock + 45BE 7639B3D8 4 Bytes [11, 36, FA, 64] .text C:\Program Files\Internet Explorer\iexplore.exe[1608] SHELL32.dll!SHChangeNotification_Lock + 45C6 7639B3E0 8 Bytes [5F, 35, FA, 64, D0, 73, F9, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[1608] ole32.dll!OleLoadFromStream 77235B88 5 Bytes JMP 6A8CF576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] ole32.dll!CoCreateInstance 772857FC 5 Bytes JMP 6A7A8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] WS2_32.dll!closesocket 778C3BED 5 Bytes JMP 64CBEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] WS2_32.dll!socket 778C3F00 5 Bytes JMP 64CBE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] WS2_32.dll!recv 778C47DF 5 Bytes JMP 64CBF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] WS2_32.dll!connect 778C48BE 5 Bytes JMP 64CBE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] WS2_32.dll!getaddrinfo 778C6737 5 Bytes JMP 64CBE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1608] WS2_32.dll!send 778CC4C8 5 Bytes JMP 64CBE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!CreateWindowExW 75DA0E51 5 Bytes JMP 6A7A80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxIndirectParamW 75DC4AA7 5 Bytes JMP 6A8CF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxParamW 75DC564A 5 Bytes JMP 6A6C4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxParamA 75DDCF6A 5 Bytes JMP 6A8CF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!DialogBoxIndirectParamA 75DDD29C 5 Bytes JMP 6A8CF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxIndirectA 75DEE8C9 5 Bytes JMP 6A8CF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxIndirectW 75DEE9C3 5 Bytes JMP 6A8CF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxExA 75DEEA29 5 Bytes JMP 6A8CF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5812] USER32.dll!MessageBoxExW 75DEEA4D 5 Bytes JMP 6A8CF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CreateDialogParamW 75D99BFF 5 Bytes JMP 6A6FC548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!EnableWindow 75D9A72E 5 Bytes JMP 6A6FC4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!GetAsyncKeyState 75D9C09A 5 Bytes JMP 6A6BD6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!UnhookWindowsHookEx 75D9CC7B 5 Bytes JMP 6A7B82FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CallNextHookEx 75D9CC8F 5 Bytes JMP 6A799D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CreateWindowExW 75DA0E51 5 Bytes JMP 6A7A80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!SetWindowsHookExW 75DA210A 5 Bytes JMP 6A7545DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!GetKeyState 75DA4FDA 5 Bytes JMP 6A6FD73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!IsDialogMessageW 75DA6F06 5 Bytes JMP 6A6C425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CreateDialogParamA 75DB3E79 5 Bytes JMP 6A8CFE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!IsDialogMessage 75DB407A 5 Bytes JMP 6A8CF6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CreateDialogIndirectParamA 75DB9110 5 Bytes JMP 6A8CFE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CreateDialogIndirectParamW 75DC08AD 5 Bytes JMP 6A8CFE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxIndirectParamW 75DC4AA7 5 Bytes JMP 6A8CF218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!EndDialog 75DC555C 5 Bytes JMP 6A6C5AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxParamW 75DC564A 5 Bytes JMP 6A6C4B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!SetKeyboardState 75DC6B52 5 Bytes JMP 6A8CFA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!SendInput 75DC7055 5 Bytes JMP 6A8D05E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!SetCursorPos 75DDC1D8 5 Bytes JMP 6A8D0640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxParamA 75DDCF6A 5 Bytes JMP 6A8CF1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxIndirectParamA 75DDD29C 5 Bytes JMP 6A8CF27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxIndirectA 75DEE8C9 5 Bytes JMP 6A8CF14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxIndirectW 75DEE9C3 5 Bytes JMP 6A8CF0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxExA 75DEEA29 5 Bytes JMP 6A8CF07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxExW 75DEEA4D 5 Bytes JMP 6A8CF01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!keybd_event 75DEEC9B 5 Bytes JMP 6A8D0973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] SHELL32.dll!SHChangeNotification_Lock + 45BE 7639B3D8 4 Bytes [11, 36, FA, 64] .text C:\Program Files\Internet Explorer\iexplore.exe[5860] SHELL32.dll!SHChangeNotification_Lock + 45C6 7639B3E0 8 Bytes [5F, 35, FA, 64, D0, 73, F9, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[5860] ole32.dll!OleLoadFromStream 77235B88 5 Bytes JMP 6A8CF576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] ole32.dll!CoCreateInstance 772857FC 5 Bytes JMP 6A7A8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] WS2_32.dll!closesocket 778C3BED 5 Bytes JMP 64CBEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] WS2_32.dll!socket 778C3F00 5 Bytes JMP 64CBE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] WS2_32.dll!recv 778C47DF 5 Bytes JMP 64CBF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] WS2_32.dll!connect 778C48BE 5 Bytes JMP 64CBE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] WS2_32.dll!getaddrinfo 778C6737 5 Bytes JMP 64CBE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5860] WS2_32.dll!send 778CC4C8 5 Bytes JMP 64CBE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp NEOFLTR_610_13103.SYS AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp NEOFLTR_610_13103.SYS AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Processes - GMER 1.0.15 ---- Library c:\PROGRA~1\MIF707~1\shellext.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [2020] 0x60120000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197edba2a9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Identity 0x7B 0x00 0x37 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@InstallComplete 1 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0002@NodeID 0x4D 0x05 0xB2 0x3D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197edba2a9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@COD Type 1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@Identity 0x7B 0x00 0x37 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@InstallComplete 1 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0002@NodeID 0x4D 0x05 0xB2 0x3D ... ---- EOF - GMER 1.0.15 ----