GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-13 20:20:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD20EARS-60MVWB0 rev.51.0AB51 1863,02GB Running: d4qmp0pm.exe; Driver: C:\Users\ROBERT\AppData\Local\Temp\pxldrpog.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe[1472] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000770987b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1604] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2580] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?CreateDifferenceFile@CC2CDifferenceFile@@UAEGPAD00@Z 00000000667236bd 5 bytes JMP 0000000101d700b0 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?RestoreOriginalFile@CC2CDifferenceFile@@UAEGPAD00@Z 0000000066723e40 5 bytes JMP 0000000101d70150 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?MakeAsciiDifferenceFile@CC2CDifferenceFile@@UAEGPAD0@Z 00000000667243c1 5 bytes JMP 0000000101d70100 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?LoadJumpDbFromBuffer@CJumpRun@@UAEGKPAE@Z 000000006672a952 5 bytes JMP 0000000101d703c0 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?LoadJumpDbFromBuffer@CJumpRun@@UAEGKPAE@Z + 126 000000006672a9d0 13 bytes [2A, 9D, FF, 95, 2E, C4, 1E, ...] .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?GetKeyData@CKeyBasic@@UAEGPAE@Z 000000006672e35f 5 bytes JMP 0000000101d70630 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?PerformTransform@CTransformXor@@UAEGVCDataArea@@0@Z 000000006672ea2f 5 bytes JMP 0000000101d6f970 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?PerformTransform@CTransformXor@@UAEGVCDataArea@@0@Z + 768 000000006672ed2f 15 bytes [90, 6A, 23, E7, 76, 50, 88, ...] .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?PerformTransform@CTransformRandomAccumulate@@UAEGVCDataArea@@0@Z 000000006672ee42 5 bytes JMP 0000000101d6f700 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?PerformTransform@CTransformRandomAccumulate@@UAEGVCDataArea@@0@Z + 850 000000006672f194 5 bytes JMP 0000000101d6a050 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?LoadModuleDetails@CModuleMonitor@@QAEGPAD@Z 0000000066733ce7 5 bytes JMP 0000000101d6f220 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?ScanModule@CModuleMonitor@@QAEGKG@Z 00000000667342f0 5 bytes JMP 0000000101d6f490 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?IsModuleChecksumOkay@CModuleMonitor@@QAEGXZ 0000000066734a23 5 bytes JMP 0000000101d70b10 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?IsModuleWithinLimits@CModuleMonitor@@QAEGKKK@Z 0000000066734a59 5 bytes JMP 0000000101d70da0 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?SetupInterruptHandler@CAltAsc@@QAEGPAX00PAK1@Z 00000000667590d5 5 bytes JMP 0000000101d70010 .text C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe[3508] C:\Users\ROBERT\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0134\~df394b.tmp!?RestoreInterruptHandler@CAltAsc@@QAEGXZ 0000000066759569 5 bytes JMP 0000000101d71300 ? C:\Windows\system32\mssprxy.dll [3508] entry point in ".rdata" section 00000000746071e6 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000071fe11a8 2 bytes [FE, 71] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000071fe127d 2 bytes [FE, 71] .text ... * 6 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000071fe13a8 2 bytes [FE, 71] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071fe1422 2 bytes [FE, 71] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1844] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071fe1498 2 bytes [FE, 71] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075722da4 5 bytes JMP 00000001722f9ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007573cbf3 5 bytes JMP 0000000172448f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007573cfca 5 bytes JMP 0000000172251893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007575cb0c 5 bytes JMP 0000000172448ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007575ce64 5 bytes JMP 0000000172448f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007576fbd1 5 bytes JMP 0000000172448e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007576fc9d 5 bytes JMP 0000000172448ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007576fcd6 5 bytes JMP 0000000172448d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007576fcfa 5 bytes JMP 0000000172448d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c593ec 5 bytes JMP 0000000172449150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007198388e 5 bytes JMP 0000000072449000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a27922 5 bytes JMP 00000000724490a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2344] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000172449348 ? C:\Windows\system32\mssprxy.dll [2344] entry point in ".rdata" section 00000000746071e6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d325fd 6 bytes JMP 0000000172318054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d42a63 6 bytes JMP 00000001722b980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000770934b5 5 bytes JMP 00000001722b75e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000001723203df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007571d22e 5 bytes JMP 00000001722c3643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007572291f 5 bytes JMP 000000017229ddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075722da4 5 bytes JMP 00000001722f9ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075726285 5 bytes JMP 0000000172317ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075727603 5 bytes JMP 00000001722f25b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007572b029 5 bytes JMP 00000001724492d8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007572c63e 5 bytes JMP 0000000172449310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000757350ed 5 bytes JMP 00000001724499d2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075735246 5 bytes JMP 0000000172449268 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!EndDialog 000000007573b99c 5 bytes JMP 0000000172449ca6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007573c701 5 bytes JMP 00000001724499fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007573cbf3 5 bytes JMP 0000000172448f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007573cfca 5 bytes JMP 0000000172251893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007573eb96 5 bytes JMP 000000017229dedd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007573f52b 5 bytes JMP 000000017233ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff4a 5 bytes JMP 000000017244a269 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000757410dc 5 bytes JMP 00000001724492a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000757414b2 5 bytes JMP 000000017244a2c1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075759cfd 5 bytes JMP 000000017244a342 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007575cb0c 5 bytes JMP 0000000172448ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007575ce64 5 bytes JMP 0000000172448f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007576fbd1 5 bytes JMP 0000000172448e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007576fc9d 5 bytes JMP 0000000172448ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007576fcd6 5 bytes JMP 0000000172448d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007576fcfa 5 bytes JMP 0000000172448d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757702bf 5 bytes JMP 000000017244a226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076906143 5 bytes JMP 0000000172449704 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bf3e59 5 bytes JMP 00000001724497fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bf3eae 5 bytes JMP 000000017244987a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bf4731 5 bytes JMP 000000017244976e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bf5dee 5 bytes JMP 000000017244981a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c593ec 5 bytes JMP 0000000172449150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007198388e 5 bytes JMP 0000000072449000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a27922 5 bytes JMP 00000000724490a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000076b433a3 5 bytes JMP 00000001724493ec .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000172449348 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5036] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000076b5e8ff 5 bytes JMP 00000001724494b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077d325fd 6 bytes JMP 0000000172318054 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077d42a63 6 bytes JMP 00000001722b980d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000770934b5 5 bytes JMP 00000001722b75e3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075718a29 5 bytes JMP 00000001723203df .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007571d22e 5 bytes JMP 00000001722c3643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007572291f 5 bytes JMP 000000017229ddb3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075722da4 5 bytes JMP 00000001722f9ebc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075726285 5 bytes JMP 0000000172317ff1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075727603 5 bytes JMP 00000001722f25b4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007572b029 5 bytes JMP 00000001724492d8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007572c63e 5 bytes JMP 0000000172449310 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000757350ed 5 bytes JMP 00000001724499d2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075735246 5 bytes JMP 0000000172449268 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!EndDialog 000000007573b99c 5 bytes JMP 0000000172449ca6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007573c701 5 bytes JMP 00000001724499fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007573cbf3 5 bytes JMP 0000000172448f36 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007573cfca 5 bytes JMP 0000000172251893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007573eb96 5 bytes JMP 000000017229dedd .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007573f52b 5 bytes JMP 000000017233ed14 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!SendInput 000000007573ff4a 5 bytes JMP 000000017244a269 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000757410dc 5 bytes JMP 00000001724492a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000757414b2 5 bytes JMP 000000017244a2c1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075759cfd 5 bytes JMP 000000017244a342 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007575cb0c 5 bytes JMP 0000000172448ed1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007575ce64 5 bytes JMP 0000000172448f9b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007576fbd1 5 bytes JMP 0000000172448e58 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007576fc9d 5 bytes JMP 0000000172448ddf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007576fcd6 5 bytes JMP 0000000172448d7b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007576fcfa 5 bytes JMP 0000000172448d17 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757702bf 5 bytes JMP 000000017244a226 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076906143 5 bytes JMP 0000000172449704 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075bf3e59 5 bytes JMP 00000001724497fc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075bf3eae 5 bytes JMP 000000017244987a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075bf4731 5 bytes JMP 000000017244976e .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075bf5dee 5 bytes JMP 000000017244981a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075c593ec 5 bytes JMP 0000000172449150 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ce1401 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ce1419 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ce1431 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ce144a 2 bytes [CE, 76] .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ce14dd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ce14f5 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ce150d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ce1525 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ce153d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ce1555 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ce156d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ce1585 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ce159d 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ce15b5 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ce15cd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ce16b2 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ce16bd 2 bytes [CE, 76] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007198388e 5 bytes JMP 0000000072449000 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000071a27922 5 bytes JMP 00000000724490a8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000076b433a3 5 bytes JMP 00000001724493ec .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000172449348 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[744] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 0000000076b5e8ff 5 bytes JMP 00000001724494b8 ---- Registry - GMER 2.0 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{47C91837-9C0A-42AB-906F-CEAEDA20273D} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{494BE2B2-904E-2CA5-64FD-B8CA7FAB00D5} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{494BE2B2-904E-2CA5-64FD-B8CA7FAB00D5}@jboccphkhddpaafbcgcihmlooolfpjpkpomeadfflhdianjmbjbn 0x68 0x61 0x67 0x69 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{494BE2B2-904E-2CA5-64FD-B8CA7FAB00D5}@dboccphkhddpaafbcgcibmcjglhainnncglonlcm 0x62 0x61 0x6C 0x65 ... ---- EOF - GMER 2.0 ----