GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-20 14:22:22
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\00000075 WDC_____ rev.01.0 931,51GB
Running: 1k22dfys.exe; Driver: C:\Users\Dariusz\AppData\Local\Temp\pxldapog.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000077288791 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000076711401 2 bytes JMP 772ab21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000076711419 2 bytes JMP 772ab346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000076711431 2 bytes JMP 77328ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  000000007671144a 2 bytes CALL 772848ad C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  00000000767114dd 2 bytes JMP 773287a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000767114f5 2 bytes JMP 77328978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  000000007671150d 2 bytes JMP 77328698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000076711525 2 bytes JMP 77328a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  000000007671153d 2 bytes JMP 7729fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000076711555 2 bytes JMP 772a68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  000000007671156d 2 bytes JMP 77328f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000076711585 2 bytes JMP 77328ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  000000007671159d 2 bytes JMP 7732865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  00000000767115b5 2 bytes JMP 7729fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  00000000767115cd 2 bytes JMP 772ab2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000767116b2 2 bytes JMP 77328e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1776]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000767116bd 2 bytes JMP 773285f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000076711401 2 bytes JMP 772ab21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000076711419 2 bytes JMP 772ab346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000076711431 2 bytes JMP 77328ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  000000007671144a 2 bytes CALL 772848ad C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  00000000767114dd 2 bytes JMP 773287a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000767114f5 2 bytes JMP 77328978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  000000007671150d 2 bytes JMP 77328698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000076711525 2 bytes JMP 77328a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  000000007671153d 2 bytes JMP 7729fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000076711555 2 bytes JMP 772a68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  000000007671156d 2 bytes JMP 77328f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000076711585 2 bytes JMP 77328ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  000000007671159d 2 bytes JMP 7732865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  00000000767115b5 2 bytes JMP 7729fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  00000000767115cd 2 bytes JMP 772ab2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000767116b2 2 bytes JMP 77328e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1872]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000767116bd 2 bytes JMP 773285f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2064]  C:\Windows\SysWOW64\WSOCK32.dll!recv + 82  00000000727c17fa 2 bytes CALL 772811a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2064]  C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88  00000000727c1860 2 bytes CALL 772811a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2064]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98  00000000727c1942 2 bytes JMP 76507089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2064]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109  00000000727c194d 2 bytes JMP 7650cba6 C:\Windows\syswow64\WS2_32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076711401 2 bytes JMP 772ab21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076711419 2 bytes JMP 772ab346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076711431 2 bytes JMP 77328ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007671144a 2 bytes CALL 772848ad C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000767114dd 2 bytes JMP 773287a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000767114f5 2 bytes JMP 77328978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007671150d 2 bytes JMP 77328698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076711525 2 bytes JMP 77328a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007671153d 2 bytes JMP 7729fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076711555 2 bytes JMP 772a68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007671156d 2 bytes JMP 77328f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076711585 2 bytes JMP 77328ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007671159d 2 bytes JMP 7732865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000767115b5 2 bytes JMP 7729fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000767115cd 2 bytes JMP 772ab2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000767116b2 2 bytes JMP 77328e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe[2112]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000767116bd 2 bytes JMP 773285f1 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17  0000000076711401 2 bytes JMP 772ab21b C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17  0000000076711419 2 bytes JMP 772ab346 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17  0000000076711431 2 bytes JMP 77328ea9 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42  000000007671144a 2 bytes CALL 772848ad C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17  00000000767114dd 2 bytes JMP 773287a2 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17  00000000767114f5 2 bytes JMP 77328978 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17  000000007671150d 2 bytes JMP 77328698 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17  0000000076711525 2 bytes JMP 77328a62 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17  000000007671153d 2 bytes JMP 7729fca8 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17  0000000076711555 2 bytes JMP 772a68ef C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17  000000007671156d 2 bytes JMP 77328f61 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17  0000000076711585 2 bytes JMP 77328ac2 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17  000000007671159d 2 bytes JMP 7732865c C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17  00000000767115b5 2 bytes JMP 7729fd41 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17  00000000767115cd 2 bytes JMP 772ab2dc C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20  00000000767116b2 2 bytes JMP 77328e24 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2640]  C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31  00000000767116bd 2 bytes JMP 773285f1 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076711401 2 bytes JMP 772ab21b C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076711419 2 bytes JMP 772ab346 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076711431 2 bytes JMP 77328ea9 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007671144a 2 bytes CALL 772848ad C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000767114dd 2 bytes JMP 773287a2 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000767114f5 2 bytes JMP 77328978 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007671150d 2 bytes JMP 77328698 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076711525 2 bytes JMP 77328a62 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007671153d 2 bytes JMP 7729fca8 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076711555 2 bytes JMP 772a68ef C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007671156d 2 bytes JMP 77328f61 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076711585 2 bytes JMP 77328ac2 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007671159d 2 bytes JMP 7732865c C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000767115b5 2 bytes JMP 7729fd41 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000767115cd 2 bytes JMP 772ab2dc C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000767116b2 2 bytes JMP 77328e24 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe[4220]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000767116bd 2 bytes JMP 773285f1 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_XcptFilter]  [0]
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!malloc]  [7793fac0] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_initterm]  [7793d264] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!free]  [77945438] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_amsg_exit]  [77938e80] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!wcstok]  [779500fc] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_unlock]  [779476e4] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_vsnwprintf]  [7793f99c] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!__dllonexit]  [77938a30] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_lock]  [779462c0] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!_onexit]  [77937d80] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!memcpy]  [7794991c] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!memset]  [779496f0] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[msvcrt.dll!__CxxFrameHandler3]  [77948fd0] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ntdll.dll!RtlLookupFunctionEntry]  [7fefeb30b58] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ntdll.dll!RtlCaptureContext]  [7fefeaf137c] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ntdll.dll!RtlVirtualUnwind]  [7fefeaf8e28] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetSystemInfo]  [0]
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetModuleHandleW]  [7fefbcb17a0] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetProcAddress]  [7fefbcb4f74] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!SetUnhandledExceptionFilter]  [7fefbcb4d90] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!UnhandledExceptionFilter]  [7fefbcb189c] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetCurrentProcess]  [7fefbcb15e0] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!TerminateProcess]  [7fefbcb4f84] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!CompareStringW]  [7fefbcb13d0] C:\Windows\system32\ATL.DLL
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GlobalAlloc]  [0]
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetCurrentThreadId]  [7785ea90] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!DeleteTimerQueueEx]  [7785e8a0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!CreateTimerQueue]  [77830650] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!CreateTimerQueueTimer]  [77824750] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!lstrlenW]  [77831950] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!SetEvent]  [77825c40] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!CloseHandle]  [77831560] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!CreateEventW]  [778259c0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetLastError]  [778233a0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetProcessHeap]  [77823400] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!HeapFree]  [7785c050] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!DisableThreadLibraryCalls]  [778251b0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!Sleep]  [778ab7e0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!QueryPerformanceCounter]  [77829040] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetCurrentProcessId]  [7782b8d0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[KERNEL32.dll!GetSystemTimeAsFileTime]  [77812870] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoMarshalInterThreadInterfaceInStream]  [7fefeb3bfd4] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoInitializeEx]  [7fefeaf30e0] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoCreateInstance]  [7fefeaf27dc] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoTaskMemAlloc]  [7fefeaf1000] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoGetInterfaceAndReleaseStream]  [7fefeaf3d24] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CreateStreamOnHGlobal]  [7fefeb32954] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!PropVariantCopy]  [7fefeb1ab88] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoUnmarshalInterface]  [0]
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoSetProxyBlanket]  [0]
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[ole32.dll!CoMarshalInterface]  [7feff067490] C:\Windows\system32\ole32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[USER32.dll!LoadStringW]  [7fefee8c984] C:\Windows\system32\SHLWAPI.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[SHELL32.dll!SHChangeNotify]  [7fefea11320] C:\Windows\system32\OLEAUT32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[PROPSYS.dll!PSCreateMemoryPropertyStore]  [77831a40] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[PROPSYS.dll!PropVariantToGUID]  [77876a20] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[PROPSYS.dll!PropVariantToUInt32]  [77872080] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[PROPSYS.dll!PropVariantToStringAlloc]  [77831a20] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[PROPSYS.dll!InitPropVariantFromStringVector]  [77823c80] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[2004] @ C:\Windows\system32\NetworkItemFactory.dll[SHLWAPI.dll!SHStrDupW]  [7fefde71db0] C:\Windows\system32\SHELL32.dll

---- EOF - GMER 2.1 ----