GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-18 12:50:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0003 298,09GB
Running: odtkxnkh.exe; Driver: C:\Users\Remek\AppData\Local\Temp\kgdyiaod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003608000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000360802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2164] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000723717fa 2 bytes CALL 75f511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2164] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072371860 2 bytes CALL 75f511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072371942 2 bytes JMP 75a27089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007237194d 2 bytes JMP 75a2cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000723717fa 2 bytes CALL 75f511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072371860 2 bytes CALL 75f511a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072371942 2 bytes JMP 75a27089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007237194d 2 bytes JMP 75a2cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrB.exe[2192] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075f58791 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[632] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[632] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Infineon\Security Platform Software\SpTna.exe[4516] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Program Files (x86)\Infineon\Security Platform Software\SpTna.exe[4516] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\regsvr32.exe[5012] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\user32.DLL!DrawTextExW 00000000757d149e 6 bytes [68, 1C, B1, A1, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\user32.DLL!DrawTextW 00000000757d25cf 6 bytes [68, 4C, CE, A1, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\user32.DLL!MessageBeep 00000000757dc036 6 bytes [68, 04, 67, A6, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075aa9a50 6 bytes [68, 84, 0C, A2, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b2a450 6 bytes [68, 6C, BC, A1, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\ws2_32.dll!WSASend 0000000075a24406 6 bytes [68, 5C, 70, A1, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\ws2_32.dll!send 0000000075a26f01 6 bytes [68, 0C, 65, A1, 04, C3]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6756] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3]
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000075261401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000075261419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000075261431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 000000007526144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000752614dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000752614f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 000000007526150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000075261525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 000000007526153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000075261555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 000000007526156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000075261585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 000000007526159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000752615b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000752615cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 
00000000752616b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Remek\Downloads\OTL.exe[4164] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000752616bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Remek\Downloads\odtkxnkh.exe[6748] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007765000c 1 byte [C3] .text C:\Users\Remek\Downloads\odtkxnkh.exe[6748] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000776df8ea 5 bytes JMP 000000017768d5c1 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef415741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4155f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4155674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4155e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef4157f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4156a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4156ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4157b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4157ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef41578b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4154fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4155d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2412] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4157584] C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\System32\regsvr32.exe[ADVAPI32.dll!RegOpenKeyExW] [7fef1f0b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\System32\regsvr32.exe[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\System32\regsvr32.exe[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fef1f0a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fef1f0a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fef1f0b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fef1f0b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fef1f0bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fef1f0a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fef1f0a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fef1f0a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef1f0ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef1f0add4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ 
C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef1f0a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef1f0a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef1f0aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef1f0a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\System32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fef1f0ad5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fef1f0aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\System32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fef1f0aae8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fef1f0a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[1932] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd114230] C:\Windows\system32\apphelp.dll IAT 
C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef2165d20] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef213e820] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef2165690] C:\Program Files\Internet 
Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef2165d20] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef2165d20] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef213e820] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet 
Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef2165d20] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef21655b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef21655b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ 
C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fef2165d20] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fef2166410] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ 
C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT 
C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef2165790] C:\Program Files\Internet 
Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef21224c0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef2165d20] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef2121c30] C:\Program Files\Internet Explorer\IEShims.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\regsvr32.exe [2732:4484] 000000006af995e0 Thread C:\Windows\SysWOW64\regsvr32.exe [5012:4492] 
000000006af92f08 Thread C:\Windows\SysWOW64\regsvr32.exe [5012:4476] 000000006af92f08 Thread C:\Windows\SysWOW64\regsvr32.exe [5012:4468] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4884:3660] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4884:5912] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4884:3656] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4884:5780] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6756:6900] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6756:6908] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6756:6932] 000000006af92f08 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6756:6952] 000000006af92f08 ---- Processes - GMER 2.1 ---- Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [3416](2014-11-11 21:22:42) 0000000010000000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2708](2014-11-11 21:22:42) 0000000010000000 Library C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2592] (Secure overlay library/Microsoft)(2014-10-29 19:03:01) 000007feef530000 Library C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2592](2014-10-29 19:03:02) 000007feeec60000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3912](2014-11-11 21:22:42) 0000000005920000 Library C:\Users\Remek\AppData\Local\Ugmedia\Acrofx32.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [2732](2014-11-11 21:22:32) 0000000010000000 Library 
C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [632](2014-11-11 21:22:42) 0000000010000000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe [4384](2014-11-11 21:22:42) 0000000010000000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\Infineon\Security Platform Software\SpTna.exe [4516](2014-11-11 21:22:42) 0000000010000000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [5012](2014-11-11 21:22:42) 0000000010000000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4884](2014-11-11 21:22:42) 0000000002e70000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6756](2014-11-11 21:22:42) 0000000002730000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Users\Remek\Downloads\OTL.exe [4164](2014-11-11 21:22:42) 0000000010000000 Library C:\Users\Remek\AppData\Local\IZsoft\Acrofx32.dll (*** suspicious ***) @ C:\Users\Remek\Downloads\odtkxnkh.exe [6748](2014-11-11 21:22:42) 0000000010000000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db7a620 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db7a620@101dc0c45d30 0x8A 0x3F 0xBE 0x0D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db7a620 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db7a620@101dc0c45d30 0x8A 0x3F 0xBE 0x0D ... ---- EOF - GMER 2.1 ----