GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-17 18:17:00
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500BEKT-00PVMT0 rev.01.01A01 232,89GB
Running: ipbq6lyk.exe; Driver: C:\Users\User\AppData\Local\Temp\kwtdapob.sys

---- User code sections - GMER 2.1 ----

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000067 bthport.sys
Device \Driver\BTHUSB \Device\00000069 bthport.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269bfe6e5
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269bfe6e5 (not active ControlSet)

---- EOF - GMER 2.1 ----