GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-24 18:50:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000091 ST500LT0 rev.0001 465,76GB
Running: kmu6fvzf.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\pwdiqpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[972] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076ad9040 4 bytes [C3, 00, 00, 00]
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750c1401 2 bytes JMP 74c1b233 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750c1419 2 bytes JMP 74c1b35e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750c1431 2 bytes JMP 74c99011 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750c144a 2 bytes CALL 74bf48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750c14dd 2 bytes JMP 74c9890a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750c14f5 2 bytes JMP 74c98ae0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750c150d 2 bytes JMP 74c98800 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750c1525 2 bytes JMP 74c98bca C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750c153d 2 bytes JMP 74c0fcc0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750c1555 2 bytes JMP 74c16907 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750c156d 2 bytes JMP 74c990c9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750c1585 2 bytes JMP 74c98c2a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750c159d 2 bytes JMP 74c987c4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750c15b5 2 bytes JMP 74c0fd59 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750c15cd 2 bytes JMP 74c1b2f4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750c16b2 2 bytes JMP 74c98f8c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[2544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750c16bd 2 bytes JMP 74c98759 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000690a11a8 2 bytes [0A, 69]
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000690a127d 2 bytes CALL 74bf14c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000690a1310 2 bytes CALL 74bf14c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000690a13a8 2 bytes [0A, 69]
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000690a1422 2 bytes [0A, 69]
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000690a1498 2 bytes [0A, 69]
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000068e41825 2 bytes JMP 75176365 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000068e41830 2 bytes JMP 75176385 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 0000000068e4183b 2 bytes JMP 751763a5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000068e41846 2 bytes JMP 75175c45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000068e41851 2 bytes JMP 751763c5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 0000000068e4185c 2 bytes JMP 751764a5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000068e41867 2 bytes JMP 751764c5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000068e41872 2 bytes JMP 751764e5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 0000000068e4187d 2 bytes JMP 75176505 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000068e41888 2 bytes JMP 75175c65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000068e41893 2 bytes JMP 75176525 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 0000000068e4189e 2 bytes JMP 75175ce5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 0000000068e418a9 2 bytes JMP 75176545 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 0000000068e418b4 2 bytes JMP 75176565 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 0000000068e418bf 2 bytes JMP 7514228b C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 0000000068e418ca 2 bytes JMP 751765a5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 0000000068e418d5 2 bytes JMP 75175d05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 0000000068e418e0 2 bytes JMP 75175d85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 0000000068e418eb 2 bytes JMP 75175da5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 0000000068e418f6 2 bytes JMP 75176b05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000068e41901 2 bytes JMP 75175cc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 0000000068e4190c 2 bytes JMP 75176b25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000068e41917 2 bytes JMP 75176b65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000068e41922 2 bytes JMP 75175d25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 0000000068e4192d 2 bytes JMP 75176b85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000068e41938 2 bytes JMP 75176ba5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000068e41943 2 bytes JMP 75176bc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 0000000068e4194e 2 bytes JMP 75176be5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000068e41959 2 bytes JMP 75176c05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000068e41964 2 bytes JMP 75176c25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 0000000068e4196f 2 bytes JMP 75176c45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 0000000068e4197a 2 bytes JMP 75176c65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000068e41985 2 bytes JMP 75176c85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000068e41990 2 bytes JMP 75176ca5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 0000000068e4199b 2 bytes JMP 75176cc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 0000000068e419a6 2 bytes JMP 75176ce5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 0000000068e419b1 2 bytes JMP 75176d05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 0000000068e419bc 2 bytes JMP 75176d25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 0000000068e419c7 2 bytes JMP 75176d45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 0000000068e419d2 2 bytes JMP 75176d65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 0000000068e419dd 2 bytes JMP 75175dc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 0000000068e419e8 2 bytes JMP 75176da5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 0000000068e419f3 2 bytes JMP 75176dc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 0000000068e419fe 2 bytes JMP 75176e03 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000068e41a09 2 bytes JMP 75176e23 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000068e41a14 2 bytes JMP 75176e43 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000068e41a1f 2 bytes JMP 75175d45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000068e41a2a 2 bytes JMP 75176e63 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000068e41a35 2 bytes JMP 75176e83 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000068e41a40 2 bytes JMP 75176ea3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000068e41a4b 2 bytes JMP 75176ec3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000068e41a56 2 bytes JMP 75176ee3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000068e41a61 2 bytes JMP 75176f03 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000068e41a6c 2 bytes JMP 75175de5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000068e41a77 2 bytes JMP 75176f23 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000068e41a82 2 bytes JMP 75176f43 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe[2992] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000068e41ab2 2 bytes JMP 75b0dc75 C:\Windows\syswow64\msvcrt.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000750c1401 2 bytes JMP 74c1b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000750c1419 2 bytes JMP 74c1b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000750c1431 2 bytes JMP 74c99011 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000750c144a 2 bytes CALL 74bf48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750c14dd 2 bytes JMP 74c9890a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750c14f5 2 bytes JMP 74c98ae0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000750c150d 2 bytes JMP 74c98800 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000750c1525 2 bytes JMP 74c98bca C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000750c153d 2 bytes JMP 74c0fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000750c1555 2 bytes JMP 74c16907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000750c156d 2 bytes JMP 74c990c9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000750c1585 2 bytes JMP 74c98c2a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000750c159d 2 bytes JMP 74c987c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750c15b5 2 bytes JMP 74c0fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750c15cd 2 bytes JMP 74c1b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750c16b2 2 bytes JMP 74c98f8c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[4876] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750c16bd 2 bytes JMP 74c98759 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5276:5944] 000007fef9ee2af8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5276:6832] 000007fecfc15648

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689de1aec1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689de1aec1@002186651989 0x68 0x58 0x41 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689de1aec1@0c413e94c908 0x5D 0xF7 0x59 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689de1aec1@58482204e80a 0x09 0x9A 0xC2 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689de1aec1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689de1aec1@002186651989 0x68 0x58 0x41 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689de1aec1@0c413e94c908 0x5D 0xF7 0x59 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689de1aec1@58482204e80a 0x09 0x9A 0xC2 0xB2 ...

---- EOF - GMER 2.1 ----