GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-25 15:50:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0005 698,64GB
Running: do64bfpu.exe; Driver: C:\Users\RT2\AppData\Local\Temp\uxriipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2912] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3328] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000076e06440 5 bytes JMP 000000016fd8e4b0
.text C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe[3328] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000076e06530 5 bytes JMP 000000016fd8e390
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE[5276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076938791 5 bytes JMP 0000000166d07765
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076646143 5 bytes JMP 0000000167a1a10a
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074c43e59 5 bytes JMP 0000000166d364f5
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074c43eae 1 byte JMP 0000000166d3c2b2
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\OLEAUT32.dll!VariantClear + 2 0000000074c43eb0 3 bytes {JMP 0xfffffffff20f8404}
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074c44731 5 bytes JMP 0000000166d3a4ad
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074c45dee 5 bytes JMP 0000000166d83925
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE[4268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [4268] entry point in ".rdata" section 00000000627371e6
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[8984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll
.text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068]
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000074e53fa0 5 bytes JMP 0000000156a2d7b0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074e58760 5 bytes JMP 0000000156a2d3d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\WININET.dll!InternetConnectW 0000000074e5c410 5 bytes JMP 0000000156a2d140 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\WININET.dll!InternetReadFile 0000000074e64fb0 5 bytes JMP 0000000156a2d750 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074e73290 5 bytes JMP 0000000156a2d800 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767e1401 2 bytes JMP 7695b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767e1419 2 bytes JMP 7695b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767e1431 2 bytes JMP 769d8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767e144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767e14dd 2 bytes JMP 769d87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767e14f5 2 bytes JMP 769d8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767e150d 2 bytes JMP 769d8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767e1525 2 bytes JMP 769d8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767e153d 2 bytes JMP 7694fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767e1555 2 bytes JMP 769568ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767e156d 2 bytes JMP 769d8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767e1585 2 bytes JMP 769d8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767e159d 2 bytes JMP 769d865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767e15b5 2 bytes JMP 7694fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767e15cd 2 bytes JMP 7695b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767e16b2 2 bytes JMP 769d8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767e16bd 2 bytes JMP 769d85f1 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\mfevtps.exe[2220] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f0bbbe0] C:\Windows\system32\mfevtps.exe IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fee9f2d8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT 
C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fee9f563e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program 
Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fee9f2d8e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee9f56300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program 
Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee9f56300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fee9f57160] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ 
C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\mshtml.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet 
Explorer\iexplore.exe[8956] @ C:\Windows\System32\mshtml.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\mshtml.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\mshtml.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet 
Explorer\iexplore.exe[8956] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll 
IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet 
Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\shdocvw.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\shdocvw.dll[USER32.dll!EnableWindow] [7fee9f12090] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\shdocvw.dll[USER32.dll!DialogBoxParamW] [7fee9f564e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Users\RT2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ 
C:\Users\RT2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Users\RT2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\MSVCR110.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\SearchFolder.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\NetworkExplorer.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet 
Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\dtsh.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\FirewallAPI.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\gdiplus.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\WINMM.dll[USER32.dll!MessageBoxW] [7fee9f56a70] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\PortableDeviceApi.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\EhStorAPI.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\FunDisc.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ 
C:\Windows\system32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ATL.DLL[USER32.dll!DialogBoxIndirectParamW] [7fee9f56300] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ATL.DLL[USER32.dll!DialogBoxIndirectParamA] [7fee9f56220] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\ATL.DLL[USER32.dll!MessageBoxA] [7fee9f565e0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\fdwcn.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\wcnapi.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\dfscli.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\system32\browcli.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[8956] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetProcAddress] [7fee9f11800] C:\Program Files\Internet Explorer\IEShims.dll ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft 
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.˜ÿ€"\OpenWithProgids@\x98\x2d9\x20ac"_auto_file
---- Files - GMER 2.1 ----
File C:\Users\RT2\AppData\Local\Temp\~DF95F59A2DDBC3F48C.TMP 0 bytes
---- EOF - GMER 2.1 ----