GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-15 23:50:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB Running: yocui3xx.exe; Driver: C:\Users\Ado\AppData\Local\Temp\pwldrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075772da4 5 bytes JMP 0000000169989eb4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007578cbf3 5 bytes JMP 0000000169ad8fb6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007578cfca 5 bytes JMP 00000001698e1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757acb0c 5 bytes JMP 0000000169ad8f51 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757ace64 5 bytes JMP 0000000169ad901b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757bfbd1 5 bytes JMP 0000000169ad8ed8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757bfc9d 5 bytes JMP 0000000169ad8e5f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757bfcd6 5 bytes JMP 0000000169ad8dfb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757bfcfa 5 bytes JMP 0000000169ad8d97 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000768293ec 5 bytes JMP 0000000169ad91d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007069388e 5 bytes JMP 0000000169ad9080 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070737922 5 bytes JMP 0000000169ad9128 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5108] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000169ad93c8 ? C:\Windows\system32\mssprxy.dll [5108] entry point in ".rdata" section 000000006a9771e6 ? C:\Windows\System32\NLSData0000.dll [5108] entry point in ".rdata" section 000000006357c541 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779625fd 6 bytes JMP 00000001699a8042 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077972a63 6 bytes JMP 0000000169949805 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000766134b5 5 bytes JMP 00000001699475db .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075768a29 5 bytes JMP 00000001699b03cf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007576d22e 5 bytes JMP 000000016995363b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075772da4 5 bytes JMP 0000000169989eb4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075776285 5 bytes JMP 00000001699a7fdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075777603 5 bytes JMP 00000001699825ac .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007578cbf3 5 bytes JMP 0000000169ad8fb6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007578cfca 5 bytes JMP 00000001698e1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007578f52b 5 bytes JMP 00000001699ced00 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757acb0c 5 bytes JMP 0000000169ad8f51 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757ace64 5 bytes JMP 0000000169ad901b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757bfbd1 5 bytes JMP 0000000169ad8ed8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757bfc9d 5 bytes JMP 0000000169ad8e5f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757bfcd6 5 bytes JMP 0000000169ad8dfb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757bfcfa 5 bytes JMP 0000000169ad8d97 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076976143 5 bytes JMP 0000000169ad9784 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000767c3e59 5 bytes JMP 0000000169ad987c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000767c3eae 5 bytes JMP 0000000169ad98fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000767c4731 5 bytes JMP 0000000169ad97ee .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000767c5dee 5 bytes JMP 0000000169ad989a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000768293ec 5 bytes JMP 0000000169ad91d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007069388e 5 bytes JMP 0000000169ad9080 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070737922 5 bytes JMP 0000000169ad9128 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3276] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000169ad93c8 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779625fd 6 bytes JMP 00000001699a8042 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077972a63 6 bytes JMP 0000000169949805 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000766134b5 5 bytes JMP 00000001699475db .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075768a29 5 bytes JMP 00000001699b03cf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007576d22e 5 bytes JMP 000000016995363b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075772da4 5 bytes JMP 0000000169989eb4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075776285 5 bytes JMP 00000001699a7fdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075777603 5 bytes JMP 00000001699825ac .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007578cbf3 5 bytes JMP 0000000169ad8fb6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007578cfca 5 bytes JMP 00000001698e1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007578f52b 5 bytes JMP 00000001699ced00 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757acb0c 5 bytes JMP 0000000169ad8f51 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757ace64 5 bytes JMP 0000000169ad901b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757bfbd1 5 bytes JMP 0000000169ad8ed8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757bfc9d 5 bytes JMP 0000000169ad8e5f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757bfcd6 5 bytes JMP 0000000169ad8dfb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757bfcfa 5 bytes JMP 0000000169ad8d97 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076976143 5 bytes JMP 0000000169ad9784 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000767c3e59 5 bytes JMP 0000000169ad987c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000767c3eae 5 bytes JMP 0000000169ad98fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000767c4731 5 bytes JMP 0000000169ad97ee .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000767c5dee 5 bytes JMP 0000000169ad989a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000768293ec 5 bytes JMP 0000000169ad91d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007069388e 5 bytes JMP 0000000169ad9080 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070737922 5 bytes JMP 0000000169ad9128 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4356] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000169ad93c8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000779625fd 6 bytes JMP 00000001699a8042 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077972a63 6 bytes JMP 0000000169949805 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000766134b5 5 bytes JMP 00000001699475db .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075768a29 5 bytes JMP 00000001699b03cf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007576d22e 5 bytes JMP 000000016995363b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075772da4 5 bytes JMP 0000000169989eb4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075776285 5 bytes JMP 00000001699a7fdf .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075777603 5 bytes JMP 00000001699825ac .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007578cbf3 5 bytes JMP 0000000169ad8fb6 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007578cfca 5 bytes JMP 00000001698e1893 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007578f52b 5 bytes JMP 00000001699ced00 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000757acb0c 5 bytes JMP 0000000169ad8f51 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000757ace64 5 bytes JMP 0000000169ad901b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000757bfbd1 5 bytes JMP 0000000169ad8ed8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000757bfc9d 5 bytes JMP 0000000169ad8e5f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000757bfcd6 5 bytes JMP 0000000169ad8dfb .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000757bfcfa 5 bytes JMP 0000000169ad8d97 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076976143 5 bytes JMP 0000000169ad9784 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000767c3e59 5 bytes JMP 0000000169ad987c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000767c3eae 5 bytes JMP 0000000169ad98fa .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000767c4731 5 bytes JMP 0000000169ad97ee .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000767c5dee 5 bytes JMP 0000000169ad989a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000768293ec 5 bytes JMP 0000000169ad91d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007069388e 5 bytes JMP 0000000169ad9080 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000070737922 5 bytes JMP 0000000169ad9128 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3540] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076b52694 5 bytes JMP 0000000169ad93c8 .text C:\Users\Ado\Downloads\OTL.exe[5292] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075531465 2 bytes [53, 75] .text C:\Users\Ado\Downloads\OTL.exe[5292] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000755314bb 2 bytes [53, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4428:4248] 000007fefc142a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337512d0 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337512d0 Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\0024337512d0 (not active ControlSet) ---- EOF - GMER 2.1 ----