GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-29 14:26:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LT0 rev.0001 465,76GB
Running: xshexl47.exe; Driver: C:\Users\MAGDA\AppData\Local\Temp\ufddapow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 761fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 761fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76278f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 761d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76278802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 762789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 762786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76278ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 761efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 761f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76278fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76278b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 762786bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 761efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 761fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76278e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76278651 C:\Windows\syswow64\kernel32.dll

.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 761fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 761fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76278f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 761d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76278802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 762789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 762786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76278ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 761efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 761f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76278fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76278b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 762786bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 761efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 761fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76278e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[4000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76278651 C:\Windows\syswow64\kernel32.dll

.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 761fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 761fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76278f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 761d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76278802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 762789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 762786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76278ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 761efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 761f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76278fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76278b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 762786bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 761efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 761fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76278e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76278651 C:\Windows\syswow64\kernel32.dll

.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 761fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 761fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76278f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 761d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76278802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 762789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 762786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76278ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 761efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 761f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76278fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76278b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 762786bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 761efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 761fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76278e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\watchdog_service.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76278651 C:\Windows\syswow64\kernel32.dll

.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 761fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 761fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76278f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 761d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76278802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 762789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 762786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76278ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 761efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 761f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76278fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76278b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 762786bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 761efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 761fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76278e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Comarch\ComarchCryptoProvider\ComarchCryptoServer.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76278651 C:\Windows\syswow64\kernel32.dll

.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 761fb1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 761fb31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76278f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 761d4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76278802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 762789d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 762786f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76278ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 761efc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 761f68bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76278fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76278b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 762786bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 761efd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 761fb2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76278e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76278651 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fef6e9b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fef6e9be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fef6e9b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fef6e9bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fef6e9a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fef6e9b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fef6e9b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fef6e9bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fef6e9a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fef6e9bf08] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef6e9b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fef6e9bc64] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef6e9b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fef6e9be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fef6e9d12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fef6e9bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fef6e9aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fef6e9ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fef6e9a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef6e9a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef6e9aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef6e9a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef6e9ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef6e9add4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef6e9a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fef6e9aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fef6e9ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fef6e9a3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fef6e9ad5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fef6e9aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fef6e9aae8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef6e9be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef6e9b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fef6e9bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef6e9b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fef6e9aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fef6e9ae38] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fef6e9a938] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fef6e9ac74] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fef6e9a530] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fef6e9a83c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fef6e9b634] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fef6e9aa5c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fef6e9bc64] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINHTTP.DLL[KERNEL32.dll!CreateFileW] [7fef6e9a684] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WINHTTP.DLL[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\webio.dll[KERNEL32.dll!RegOpenKeyExW] [7fef6e9b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef6e9b74c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef6e9b928] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fef6e9bd00] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fef6e9be20] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
IAT C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefb9f4230] C:\Windows\system32\apphelp.dll

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9ca09cc
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9ca09cc@b4527d71ffb5 0xD5 0x76 0xAB 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9ca09cc@608f5c4b0a56 0xFA 0x0D 0x39 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9ca09cc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9ca09cc@b4527d71ffb5 0xD5 0x76 0xAB 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9ca09cc@608f5c4b0a56 0xFA 0x0D 0x39 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}@Flags 64 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}\iexplore Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}\iexplore@Type 3 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}\iexplore@Flags 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}\iexplore@Count 8 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}\iexplore@Time 0xE1 0x07 0x04 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}\iexplore@Blocked 8 ---- Files - GMER 2.2 ---- ADS C:\ProgramData\Package Cache\{00C5024D-925C-4E9E-A8E6-F9B84ABE0DA0}\packages\Win81_SDK\9bcb3fab78e80d68be28892ea7ad46c3.msp:dp 105472 bytes executable ADS C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab:dp 102912 bytes executable ---- EOF - GMER 2.2 ----