GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-14 06:20:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: gmer.exe; Driver: C:\Users\Primol\AppData\Local\Temp\awrdipob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 000000006dda17fa 2 bytes CALL 753f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 000000006dda1860 2 bytes CALL 753f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 000000006dda1942 2 bytes JMP 754f7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000006dda194d 2 bytes JMP 754fcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ...
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 0000000103e8a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 0000000103e8a630 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutOpen 000000006d9b451e 5 bytes JMP 0000000103e8ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutClose 000000006d9b4b6d 5 bytes JMP 0000000103e8abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutUnprepareHeader 000000006d9b4bf2 5 bytes JMP 0000000103e8ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutPrepareHeader 000000006d9b4f0f 5 bytes JMP 0000000103e8ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutWrite 000000006d9b4f7b 5 bytes JMP 0000000103e8ac10 .text 
C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInOpen 000000006d9b9054 5 bytes JMP 0000000103e8ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutReset 000000006d9badf9 5 bytes JMP 0000000103e8abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutGetVolume 000000006d9d52e8 5 bytes JMP 0000000103e8acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveOutSetVolume 000000006d9d535f 5 bytes JMP 0000000103e8acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInClose 000000006d9d59cc 5 bytes JMP 0000000103e8ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInPrepareHeader 000000006d9d5a6a 5 bytes JMP 0000000103e8aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInUnprepareHeader 000000006d9d5ad7 5 bytes JMP 0000000103e8af00 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInAddBuffer 000000006d9d5b5b 5 bytes JMP 0000000103e8af40 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInStart 000000006d9d5bba 5 bytes JMP 0000000103e8af80 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInStop 000000006d9d5bee 5 bytes JMP 0000000103e8b000 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInReset 000000006d9d5c22 5 bytes JMP 0000000103e8b060 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\winmm.dll!waveInGetPosition 000000006d9d5c67 5 bytes JMP 0000000103e8b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 0000000103e8a690 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 0000000103e8a770 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 
0000000103e8a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 0000000103e8a990 .text C:\Windows\SysWOW64\HsMgr.exe[2220] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 0000000103e8aa80 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutClose 000007fef86836ac 5 bytes JMP 000007fefdd101f0 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fef8683770 5 bytes JMP 000007fefdd10298 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fef86838d0 5 bytes JMP 000007fefdd101b8 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fef8683ca4 5 bytes JMP 000007fefdd10260 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fef8683d40 5 bytes JMP 000007fefdd10228 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInOpen 000007fef8687fe0 7 bytes JMP 000007fefdd10378 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutReset 000007fef868a38c 5 bytes JMP 000007fefdd102d0 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fef86a49f0 5 bytes JMP 000007fefdd10308 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fef86a4ab0 5 bytes JMP 000007fefdd10340 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInClose 000007fef86a52e0 5 bytes JMP 000007fefdd103b0 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fef86a53c0 5 bytes JMP 000007fefdd10490 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fef86a5454 5 bytes JMP 000007fefdd104c8 .text C:\Windows\system\HsMgr64.exe[2228] 
C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fef86a5514 5 bytes JMP 000007fefdd10500 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInStart 000007fef86a55a4 6 bytes JMP 000007fefdd103e8 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInStop 000007fef86a55e4 6 bytes JMP 000007fefdd10420 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInReset 000007fef86a5624 5 bytes JMP 000007fefdd10458 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fef86a567c 5 bytes JMP 000007fefdd10538 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007feee386944 7 bytes JMP 000007fefdd10180 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007feee3a5a84 7 bytes JMP 000007fefdd10148 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007feee3a5b90 7 bytes JMP 000007fefdd10570 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007feee3a5c94 7 bytes JMP 000007fefdd105a8 .text C:\Windows\system\HsMgr64.exe[2228] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007feee3a5da8 5 bytes JMP 000007fefdd105e0 .text C:\Users\Primol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2252] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Users\Primol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2252] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text 
C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text 
C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\USER32.dll!GetSystemMetrics 00000000773b7d2f 6 bytes [68, 8C, 8F, FF, 03, C3] .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000773b90d3 6 bytes [68, DC, 9A, FF, 03, C3] .text C:\Windows\SysWOW64\regsvr32.exe[2364] 
C:\Windows\syswow64\USER32.dll!GetForegroundWindow 00000000773c2320 1 byte [68] .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\USER32.dll!GetForegroundWindow + 2 00000000773c2322 4 bytes [84, FF, 03, C3] .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075344de0 6 bytes [68, 2C, A6, FF, 03, C3] .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\regsvr32.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text D:\DeathAdderBlackEdition\razerhid.exe[2840] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text D:\DeathAdderBlackEdition\razerhid.exe[2840] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 00000001052ca4d0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 00000001052ca630 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 00000001052ca690 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 00000001052ca770 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 00000001052ca8a0 .text C:\Program Files 
(x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 00000001052ca990 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[2860] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 00000001052caa80 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 000000010616a4d0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 000000010616a630 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 
7541b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 000000010616a690 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 000000010616a770 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 000000010616a8a0 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 000000010616a990 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[2888] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 000000010616aa80 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3012] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3012] 
C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 0000000106f0a4d0 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3012] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 0000000106f0a630 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 000000010552a4d0 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 000000010552a630 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 000000010552a690 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 000000010552a770 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 000000010552a8a0 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 000000010552a990 .text D:\USB-N10 WLAN Card Utilities\Wireless.exe[3020] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 000000010552aa80 .text D:\DeathAdderBlackEdition\razertra.exe[2772] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text D:\DeathAdderBlackEdition\razertra.exe[2772] 
C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006d9b451e 5 bytes JMP 000000011000ab40 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006d9b4b6d 5 bytes JMP 000000011000abb0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006d9b4bf2 5 bytes JMP 000000011000ac90 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006d9b4f0f 5 bytes JMP 000000011000ac50 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006d9b4f7b 5 bytes JMP 000000011000ac10 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006d9b9054 5 bytes JMP 000000011000ad10 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006d9badf9 5 bytes JMP 000000011000abe0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006d9d52e8 5 bytes JMP 000000011000acd0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006d9d535f 5 bytes JMP 000000011000acf0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006d9d59cc 5 bytes JMP 000000011000ae40 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006d9d5a6a 5 bytes JMP 000000011000aec0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] 
C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006d9d5ad7 5 bytes JMP 000000011000af00 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006d9d5b5b 5 bytes JMP 000000011000af40 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006d9d5bba 5 bytes JMP 000000011000af80 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006d9d5bee 5 bytes JMP 000000011000b000 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006d9d5c22 5 bytes JMP 000000011000b060 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006d9d5c67 5 bytes JMP 000000011000b0d0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 000000011000a690 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 000000011000a770 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 000000011000a8a0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 000000011000a990 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 000000011000aa80 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 000000011000a4d0 .text D:\DeathAdderBlackEdition\razerofa.exe[3780] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 000000011000a630 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text 
D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 000000011000a4d0 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 000000011000a630 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 000000011000a690 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 000000011000a770 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 000000011000a8a0 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 000000011000a990 .text D:\DeathAdderBlackEdition\vdDaemon.exe[3788] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 000000011000aa80 .text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[2812] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[2812] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Windows\SysWOW64\ntdll.dll[1108] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Windows\SysWOW64\ntdll.dll[1108] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\PROGRA~2\Raptr\raptr_im.exe[5676] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\PROGRA~2\Raptr\raptr_im.exe[5676] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes 
JMP 00000001779b9cfb .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\user32.DLL!GetSystemMetrics 00000000773b7d2f 6 bytes [68, E4, 32, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 00000000773b90d3 6 bytes [68, 34, 3E, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\user32.DLL!DrawTextExW 00000000773c149e 6 bytes [68, 44, D7, 3F, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\user32.DLL!GetForegroundWindow 00000000773c2320 6 bytes [68, 94, 27, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\user32.DLL!DrawTextW 00000000773c25cf 6 bytes [68, F4, CB, 3F, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\user32.DLL!MessageBeep 00000000773cc036 6 bytes [68, 9C, 03, 4C, 0A, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075344de0 6 bytes [68, 84, 49, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 00000001003ca4d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 00000001003ca630 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006d9b451e 6 bytes [68, 74, 6B, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] 
C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006d9b4b6d 5 bytes JMP 00000001003cabb0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006d9b4bf2 5 bytes JMP 00000001003cac90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006d9b4f0f 5 bytes JMP 00000001003cac50 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006d9b4f7b 5 bytes JMP 00000001003cac10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006d9b9054 5 bytes JMP 00000001003cad10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006d9badf9 5 bytes JMP 00000001003cabe0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006d9d52e8 5 bytes JMP 00000001003cacd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006d9d535f 5 bytes JMP 00000001003cacf0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006d9d59cc 5 bytes JMP 00000001003cae40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006d9d5a6a 5 bytes JMP 00000001003caec0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006d9d5ad7 5 bytes JMP 00000001003caf00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006d9d5b5b 5 bytes JMP 00000001003caf40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006d9d5bba 5 bytes JMP 00000001003caf80 .text 
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006d9d5bee 5 bytes JMP 00000001003cb000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006d9d5c22 5 bytes JMP 00000001003cb060 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006d9d5c67 5 bytes JMP 00000001003cb0d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 6 bytes [68, C4, 76, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 00000001003ca770 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 00000001003ca8a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 00000001003ca990 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 00000001003caa80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 
00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b772a0 6 bytes [68, 24, 60, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b8d3d0 6 bytes [68, D4, 54, 40, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\ws2_32.dll!WSASend 00000000754f4406 6 bytes [68, DC, 6E, 3B, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2196] C:\Windows\syswow64\ws2_32.dll!send 00000000754f6f01 6 bytes [68, 8C, 63, 3B, 05, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\user32.DLL!GetSystemMetrics 00000000773b7d2f 6 bytes [68, E4, 24, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 00000000773b90d3 6 bytes [68, 34, 30, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\user32.DLL!DrawTextExW 00000000773c149e 6 bytes [68, 44, 
C9, 05, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\user32.DLL!GetForegroundWindow 00000000773c2320 6 bytes [68, 94, D4, 05, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\user32.DLL!DrawTextW 00000000773c25cf 6 bytes [68, 74, E6, 05, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\user32.DLL!MessageBeep 00000000773cc036 6 bytes [68, 9C, 03, DD, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075344de0 6 bytes [68, 84, 3B, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 0000000100aea4d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 0000000100aea630 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006d9b451e 6 bytes [68, 74, 69, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006d9b4b6d 5 bytes JMP 0000000100aeabb0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006d9b4bf2 5 bytes JMP 0000000100aeac90 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006d9b4f0f 5 bytes JMP 0000000100aeac50 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006d9b4f7b 5 bytes JMP 0000000100aeac10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006d9b9054 5 bytes JMP 0000000100aead10 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] 
C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006d9badf9 5 bytes JMP 0000000100aeabe0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006d9d52e8 5 bytes JMP 0000000100aeacd0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006d9d535f 5 bytes JMP 0000000100aeacf0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006d9d59cc 5 bytes JMP 0000000100aeae40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006d9d5a6a 5 bytes JMP 0000000100aeaec0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006d9d5ad7 5 bytes JMP 0000000100aeaf00 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006d9d5b5b 5 bytes JMP 0000000100aeaf40 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006d9d5bba 5 bytes JMP 0000000100aeaf80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006d9d5bee 5 bytes JMP 0000000100aeb000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006d9d5c22 5 bytes JMP 0000000100aeb060 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006d9d5c67 5 bytes JMP 0000000100aeb0d0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 6 bytes [68, C4, 74, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006925de69 5 bytes JMP 0000000100aea770 .text 
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 0000000100aea8a0 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 0000000100aea990 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 0000000100aeaa80 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753d1401 2 bytes JMP 7541b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753d1419 2 bytes JMP 7541b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753d1431 2 bytes JMP 75498f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753d144a 2 bytes CALL 753f489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753d14dd 2 bytes JMP 75498822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753d14f5 2 bytes JMP 754989f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753d150d 2 bytes JMP 75498718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753d1525 2 bytes JMP 75498ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753d153d 2 bytes JMP 7540fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753d1555 2 bytes JMP 754168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753d156d 2 bytes JMP 75498fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753d1585 2 bytes JMP 75498b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753d159d 2 bytes JMP 754986dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753d15b5 2 bytes JMP 7540fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753d15cd 2 bytes JMP 7541b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753d16b2 2 bytes JMP 75498ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753d16bd 2 bytes JMP 75498671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075b772a0 6 bytes [68, 24, 52, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075b8d3d0 6 bytes [68, D4, 46, 06, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\ws2_32.dll!WSASend 00000000754f4406 6 bytes [68, DC, 6E, 05, 06, C3] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4024] C:\Windows\syswow64\ws2_32.dll!send 00000000754f6f01 6 bytes [68, 8C, 63, 05, 06, C3] .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007797000c 1 byte [C3] .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000779ffbaa 5 bytes JMP 00000001779b9cfb .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006d9b451e 5 bytes JMP 000000011000ab40 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006d9b4b6d 5 bytes JMP 000000011000abb0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006d9b4bf2 5 bytes JMP 000000011000ac90 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006d9b4f0f 5 bytes JMP 000000011000ac50 .text 
C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006d9b4f7b 5 bytes JMP 000000011000ac10 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006d9b9054 5 bytes JMP 000000011000ad10 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006d9badf9 5 bytes JMP 000000011000abe0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006d9d52e8 5 bytes JMP 000000011000acd0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006d9d535f 5 bytes JMP 000000011000acf0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006d9d59cc 5 bytes JMP 000000011000ae40 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006d9d5a6a 5 bytes JMP 000000011000aec0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006d9d5ad7 5 bytes JMP 000000011000af00 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006d9d5b5b 5 bytes JMP 000000011000af40 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006d9d5bba 5 bytes JMP 000000011000af80 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006d9d5bee 5 bytes JMP 000000011000b000 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006d9d5c22 5 bytes JMP 000000011000b060 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006d9d5c67 5 bytes JMP 000000011000b0d0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069227e3d 5 bytes JMP 000000011000a690 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 
000000006925de69 5 bytes JMP 000000011000a770 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006926d2c5 5 bytes JMP 000000011000a8a0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006926d371 5 bytes JMP 000000011000a990 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006926d429 5 bytes JMP 000000011000aa80 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076169d0b 5 bytes JMP 000000011000a4d0 .text C:\Users\Primol\Desktop\gmer.exe[2508] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076169d4e 5 bytes JMP 000000011000a630 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\System32\regsvr32.exe[ADVAPI32.dll!RegOpenKeyExW] [7fefac7b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\System32\regsvr32.exe[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\System32\regsvr32.exe[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fefac7a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fefac7a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ 
C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fefac7b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fefac7b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fefac7baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fefac7a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fefac7a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fefac7a5e4] 
C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fefac7abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fefac7ab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fefac7a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fefac7a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fefac7a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fefac7a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\System32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fefac7ab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fefac7a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\System32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT 
C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\System32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fefac7a890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!CreateFileW] [7fefac7a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefd334230] C:\Windows\system32\apphelp.dll IAT C:\Windows\System32\regsvr32.exe[2312] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!RegDeleteValueW] [7fefac7bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef0b9741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef0b95f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef0b95674] C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef0b95e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef0b97f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef0b96a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef0b96ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef0b97b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef0b97ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef0b978b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef0b94fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef0b95d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2568] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef0b97584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fedcc10740] 
C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fedcc36140] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program 
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fedcc10740] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fedcc36060] C:\Program 
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fedcc36060] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fedcc36ec0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet 
Explorer\iexplore.exe[7136] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program 
Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT 
C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program 
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[7136] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fedcc10740] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] 
C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fedcc36140] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fedcc10740] C:\Program 
Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fedcc36060] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ 
C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fedcc36060] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fedcc36ec0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fedcc36240] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fedcbfeee0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fedcc367d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[6604] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fedcbf1c40] C:\Program Files\Internet Explorer\IEShims.dll

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\regsvr32.exe [2364:3108] 00000000026c2f10
Thread C:\Windows\SysWOW64\regsvr32.exe [2364:3116] 00000000026c2f10
Thread C:\Windows\SysWOW64\regsvr32.exe [2364:3240] 00000000026c2f10
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1140] 0000000000402e7b
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1076] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:2884] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1660] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1372] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1460] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:672] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1768] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1848] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:5108] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:384] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4200] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4192] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4188] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4196] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4204] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4208] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:4232] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:2052] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:2032] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1088] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:1328] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:220] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:212] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:5028] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:216] 00000000050474b7
Thread C:\Windows\SysWOW64\ntdll.dll [1108:5504] 00000000616a0d50
Thread C:\Windows\SysWOW64\ntdll.dll [1108:5708] 000000006169c2f0
Thread C:\Windows\SysWOW64\ntdll.dll [1108:376] 000000006169c000
Thread C:\Windows\SysWOW64\ntdll.dll [1108:6740] 000000006d9ba3e0
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2196:1640] 0000000003512f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2196:1248] 0000000003512f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2196:1432] 0000000003512f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2196:5980] 0000000003512f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4024:3052] 0000000003712f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4024:5684] 0000000003712f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4024:6252] 0000000003712f10
Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4024:6360] 0000000003712f10

---- Processes - GMER 2.1 ----

Library C:\Users\Primol\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1812] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-05-21 21:25:58) 000007fef56c0000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Windows\SysWOW64\HsMgr.exe [2220](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Users\Primol\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2252](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe [2268](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [2364](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Users\Primol\AppData\Local\Akamai\netsession_win.exe [2752](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ D:\DeathAdderBlackEdition\razerhid.exe [2840](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2860](2015-08-09 06:33:04) 0000000003120000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2888] 0000000010000000
Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2888] (Razer Configurator/Razer Inc.)(2015-05-22 01:43:34) 0000000060360000
Library C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2888](2015-05-20 02:29:54) 0000000070810000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [3012](2015-08-09 06:33:04) 0000000004910000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ D:\USB-N10 WLAN Card Utilities\Wireless.exe [3020](2015-08-09 06 0000000002890000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ D:\DeathAdderBlackEdition\razertra.exe [2772](2015-08-09 06:33:04) 0000000010000000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ D:\DeathAdderBlackEdition\razerofa.exe [3780](2015-08-09 06:33:04) 00000000028e0000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ D:\DeathAdderBlackEdition\vdDaemon.exe [3788](2015-08-09 06:33:04) 0000000002f00000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE [2812](2015-08-09 06:33:04) 0000000002cb0000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [2196](2015-08-09 06:33:04) 0000000002e00000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [4024](2015-08-09 06:33:04) 0000000002f40000
Library C:\Users\Primol\AppData\Local\Opfics\qpmhudvp.dll (*** suspicious ***) @ C:\Users\Primol\Desktop\gmer.exe [2508](2015-08-09 06:33:04) 0000000002d20000

---- EOF - GMER 2.1 ----