GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-19 21:16:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: jmnylinb.exe; Driver: C:\Users\Patryk\AppData\Local\Temp\awwdipog.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\netcut\services\AIPS.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Users\Patryk\AppData\Roaming\Dropbox\bin\Dropbox.exe[3400] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077681401 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077681419 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077681431 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007768144a 2 bytes [68, 77]
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776814dd 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776814f5 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007768150d 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077681525 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007768153d 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077681555 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007768156d 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077681585 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007768159d 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776815b5 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776815cd 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776816b2 2 bytes [68, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776816bd 2 bytes [68, 77]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef89a2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef89a2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef89a7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef89a8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef89a1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef89a1c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef89a81d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef89a2878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef89a7a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef89a6c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef89a77bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef89a7064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef89a6544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef89a5e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\svchost.exe [1204:2776] 000007fef5ff5388
Thread C:\Windows\system32\svchost.exe [1204:2780] 000007fef5fd7738
Thread C:\Windows\system32\svchost.exe [1204:2784] 000007fef5fc1f90
Thread C:\Windows\System32\svchost.exe [2304:2840] 000007fef6f29688
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4408:4796] 000007fefc172a7c
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [1888:3976] 0000000077702e25
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [1888:3980] 00000000747965e7
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [1888:3340] 0000000074731def
Thread C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [1888:4436] 0000000077703e45
Thread C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe [3824:5016] 0000000077702e25
Thread C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe [3824:4376] 0000000077703e45
Thread C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe [3824:3540] 0000000077703e45

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1204] 000007fefc500000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2304] 000007fefd2f0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3732] 000007fef0050000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4408] 000007fef11b0000

---- EOF - GMER 2.0 ----