GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-02 17:55:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 CT250BX100SSD1 rev.MU02 232,89GB
Running: h9n2mnvr.exe; Driver: C:\Users\R\AppData\Local\Temp\axloauog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077dc1401 2 bytes JMP 773eb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077dc1419 2 bytes JMP 773eb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077dc1431 2 bytes JMP 77468f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077dc144a 2 bytes CALL 773c489d C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077dc14dd 2 bytes JMP 77468822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077dc14f5 2 bytes JMP 774689f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077dc150d 2 bytes JMP 77468718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077dc1525 2 bytes JMP 77468ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077dc153d 2 bytes JMP 773dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077dc1555 2 bytes JMP 773e68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077dc156d 2 bytes JMP 77468fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077dc1585 2 bytes JMP 77468b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077dc159d 2 bytes JMP 774686dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077dc15b5 2 bytes JMP 773dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077dc15cd 2 bytes JMP 773eb2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077dc16b2 2 bytes JMP 77468ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077dc16bd 2 bytes JMP 77468671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000731511a8 2 bytes [15, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007315127d 2 bytes CALL 773c14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000073151310 2 bytes CALL 773c14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000731513a8 2 bytes [15, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073151422 2 bytes [15, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2468] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073151498 2 bytes [15, 73] .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000731511a8 2 bytes [15, 73] .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007315127d 2 bytes CALL 773c14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! 
Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000073151310 2 bytes CALL 773c14c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000731513a8 2 bytes [15, 73] .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073151422 2 bytes [15, 73] .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073151498 2 bytes [15, 73] .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000073a01825 2 bytes JMP 76d3613d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000073a01830 2 bytes JMP 76d3615d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000073a0183b 2 bytes JMP 76d3617d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000073a01846 2 bytes JMP 76d35a1d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000073a01851 2 bytes JMP 76d3619d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! 
Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000073a0185c 2 bytes JMP 76d3627d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000073a01867 2 bytes JMP 76d3629d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000073a01872 2 bytes JMP 76d362bd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000073a0187d 2 bytes JMP 76d362dd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000073a01888 2 bytes JMP 76d35a3d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000073a01893 2 bytes JMP 76d362fd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000073a0189e 2 bytes JMP 76d35abd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000073a018a9 2 bytes JMP 76d3631d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000073a018b4 2 bytes JMP 76d3633d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! 
Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000073a018bf 2 bytes JMP 76d01fcb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000073a018ca 2 bytes JMP 76d3637d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000073a018d5 2 bytes JMP 76d35add C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000073a018e0 2 bytes JMP 76d35b5d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000073a018eb 2 bytes JMP 76d35b7d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000073a018f6 2 bytes JMP 76d368dd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000073a01901 2 bytes JMP 76d35a9d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000073a0190c 2 bytes JMP 76d368fd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! 
Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000073a01917 2 bytes JMP 76d3693d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000073a01922 2 bytes JMP 76d35afd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000073a0192d 2 bytes JMP 76d3695d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000073a01938 2 bytes JMP 76d3697d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000073a01943 2 bytes JMP 76d3699d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000073a0194e 2 bytes JMP 76d369bd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000073a01959 2 bytes JMP 76d369dd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000073a01964 2 bytes JMP 76d369fd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000073a0196f 2 bytes JMP 76d36a1d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! 
Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000073a0197a 2 bytes JMP 76d36a3d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000073a01985 2 bytes JMP 76d36a5d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000073a01990 2 bytes JMP 76d36a7d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000073a0199b 2 bytes JMP 76d36a9d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000073a019a6 2 bytes JMP 76d36abd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000073a019b1 2 bytes JMP 76d36add C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000073a019bc 2 bytes JMP 76d36afd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000073a019c7 2 bytes JMP 76d36b1d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! 
Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000073a019d2 2 bytes JMP 76d36b3d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000073a019dd 2 bytes JMP 76d35b9d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000073a019e8 2 bytes JMP 76d36b7d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000073a019f3 2 bytes JMP 76d36b9d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000073a019fe 2 bytes JMP 76d36bdb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000073a01a09 2 bytes JMP 76d36bfb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000073a01a14 2 bytes JMP 76d36c1b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000073a01a1f 2 bytes JMP 76d35b1d C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000073a01a2a 2 bytes JMP 76d36c3b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! 
Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000073a01a35 2 bytes JMP 76d36c5b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000073a01a40 2 bytes JMP 76d36c7b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000073a01a4b 2 bytes JMP 76d36c9b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000073a01a56 2 bytes JMP 76d36cbb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000073a01a61 2 bytes JMP 76d36cdb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000073a01a6c 2 bytes JMP 76d35bbd C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000073a01a77 2 bytes JMP 76d36cfb C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000073a01a82 2 bytes JMP 76d36d1b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe[4044] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000073a01ab2 2 bytes JMP 76efdc75 C:\Windows\syswow64\msvcrt.dll ? 
C:\Windows\system32\mssprxy.dll [1736] entry point in ".rdata" section 0000000072df71e6

---- Processes - GMER 2.1 ----

Library C:\Users\R\AppData\Local\Temp\nsi9B17.tmp\Lang\ENU.dll (*** suspicious ***) @ C:\Users\R\AppData\Local\Temp\~nsu.tmp\Au_.exe [1736](2015-06-18 12:54:14) 0000000073e30000
Library C:\Users\R\AppData\Local\Temp\nsi9B17.tmp\Lang\PLK.dll (*** suspicious ***) @ C:\Users\R\AppData\Local\Temp\~nsu.tmp\Au_.exe [1736](2015-11-02 16:31:53) 0000000067950000
Library C:\Users\R\AppData\Local\Temp\nsi9B17.tmp\InstallOptions.dll (*** suspicious ***) @ C:\Users\R\AppData\Local\Temp\~nsu.tmp\Au_.exe [1736](2015-11-02 16:31:53) 0000000010000000
Library C:\Users\R\AppData\Local\Temp\nsi9B17.tmp\System.dll (*** suspicious ***) @ C:\Users\R\AppData\Local\Temp\~nsu.tmp\Au_.exe [1736](2 0000000004a10000

---- Files - GMER 2.1 ----

File C:\Users\R\AppData\Local\Opera Software\Opera Stable\Cache\f_00282e 399613 bytes
File C:\Users\R\AppData\Local\Opera Software\Opera Stable\Cache\f_00282f 1859217 bytes
File C:\Users\R\AppData\Local\Opera Software\Opera Stable\Cache\f_0027b1 54588 bytes

---- EOF - GMER 2.1 ----