GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-01 23:10:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: 4p7ige1w.exe; Driver: C:\Users\MATI\AppData\Local\Temp\kftcqaog.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Windows\SysWOW64\svchost.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000707411a8 2 bytes [74, 70] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007074127d 2 bytes [74, 70] .text ... * 6 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000707413a8 2 bytes [74, 70] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070741422 2 bytes [74, 70] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[5048] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070741498 2 bytes [74, 70] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\Desktop\otl\OTL.exe[5784] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] ? C:\Windows\system32\mssprxy.dll [4464] entry point in ".rdata" section 000000006c0e71e6 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a3f991 7 bytes {MOV EDX, 0x57ba28; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a3fbd5 7 bytes {MOV EDX, 0x57ba68; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a3fc05 7 bytes {MOV EDX, 0x57b9a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a3fc1d 7 bytes {MOV EDX, 0x57b928; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a3fc35 7 bytes {MOV EDX, 0x57bb28; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a3fc65 7 bytes {MOV EDX, 0x57bb68; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a3fce5 7 bytes {MOV EDX, 0x57bae8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a3fcfd 7 bytes {MOV EDX, 0x57baa8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a3fd49 7 bytes {MOV EDX, 0x57b868; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a3fe41 7 bytes {MOV EDX, 0x57b8a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a40099 7 bytes {MOV EDX, 0x57b828; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a410a5 7 bytes {MOV EDX, 0x57b9e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a4111d 7 bytes {MOV EDX, 0x57b968; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a41321 7 bytes {MOV EDX, 0x57b8e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a3f991 7 bytes {MOV EDX, 0x34aa28; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a3fbd5 7 bytes {MOV EDX, 0x34aa68; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a3fc05 7 bytes {MOV EDX, 0x34a9a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a3fc1d 7 bytes {MOV EDX, 0x34a928; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a3fc35 7 bytes {MOV EDX, 0x34ab28; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a3fc65 7 bytes {MOV EDX, 0x34ab68; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a3fce5 7 bytes {MOV EDX, 0x34aae8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a3fcfd 7 bytes {MOV EDX, 0x34aaa8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a3fd49 7 bytes {MOV EDX, 0x34a868; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a3fe41 7 bytes {MOV EDX, 0x34a8a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a40099 7 bytes {MOV EDX, 0x34a828; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a410a5 7 bytes {MOV EDX, 0x34a9e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a4111d 7 bytes {MOV EDX, 0x34a968; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a41321 7 bytes {MOV EDX, 0x34a8e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a3f991 7 bytes {MOV EDX, 0xa3c628; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a3fbd5 7 bytes {MOV EDX, 0xa3c668; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a3fc05 7 bytes {MOV EDX, 0xa3c5a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a3fc1d 7 bytes {MOV EDX, 0xa3c528; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a3fc35 7 bytes {MOV EDX, 0xa3c728; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a3fc65 7 bytes {MOV EDX, 0xa3c768; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a3fce5 7 bytes {MOV EDX, 0xa3c6e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a3fcfd 7 bytes {MOV EDX, 0xa3c6a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a3fd49 7 bytes {MOV EDX, 0xa3c468; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a3fe41 7 bytes {MOV EDX, 0xa3c4a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a40099 7 bytes {MOV EDX, 0xa3c428; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a410a5 7 bytes {MOV EDX, 0xa3c5e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a4111d 7 bytes {MOV EDX, 0xa3c568; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a41321 7 bytes {MOV EDX, 0xa3c4e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a3f991 7 bytes {MOV EDX, 0x6d0628; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a3fbd5 7 bytes {MOV EDX, 0x6d0668; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a3fc05 7 bytes {MOV EDX, 0x6d05a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a3fc1d 7 bytes {MOV EDX, 0x6d0528; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a3fc35 7 bytes {MOV EDX, 0x6d0728; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a3fc65 7 bytes {MOV EDX, 0x6d0768; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a3fce5 7 bytes {MOV EDX, 0x6d06e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a3fcfd 7 bytes {MOV EDX, 0x6d06a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a3fd49 7 bytes {MOV EDX, 0x6d0468; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a3fe41 7 bytes {MOV EDX, 0x6d04a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a40099 7 bytes {MOV EDX, 0x6d0428; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a410a5 7 bytes {MOV EDX, 0x6d05e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a4111d 7 bytes {MOV EDX, 0x6d0568; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a41321 7 bytes {MOV EDX, 0x6d04e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077a3f991 7 bytes {MOV EDX, 0xf89a28; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077a3fbd5 7 bytes {MOV EDX, 0xf89a68; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077a3fc05 7 bytes {MOV EDX, 0xf899a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077a3fc1d 7 bytes {MOV EDX, 0xf89928; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077a3fc35 7 bytes {MOV EDX, 0xf89b28; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077a3fc65 7 bytes {MOV EDX, 0xf89b68; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077a3fce5 7 bytes {MOV EDX, 0xf89ae8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077a3fcfd 7 bytes {MOV EDX, 0xf89aa8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077a3fd49 7 bytes {MOV EDX, 0xf89868; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077a3fe41 7 bytes {MOV EDX, 0xf898a8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077a40099 7 bytes {MOV EDX, 0xf89828; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077a410a5 7 bytes {MOV EDX, 0xf899e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077a4111d 7 bytes {MOV EDX, 0xf89968; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077a41321 7 bytes {MOV EDX, 0xf898e8; JMP RDX} .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075191401 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075191419 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075191431 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007519144a 2 bytes [19, 75] .text ... * 9 .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751914dd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751914f5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007519150d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075191525 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007519153d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075191555 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007519156d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075191585 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007519159d 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751915b5 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751915cd 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751916b2 2 bytes [19, 75] .text C:\Users\MATI\AppData\Local\Google\Chrome\Application\chrome.exe[5520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751916bd 2 bytes [19, 75] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef8302750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef8302b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef8307de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef8308130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef8301908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef8301c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef83081d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef8302878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef8307a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef8306c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef83077bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef8307064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef8306544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2684] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef8305e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.0 ---- Thread C:\Windows\system32\svchost.exe [628:5508] 000007fefced4af4 Thread C:\Windows\system32\svchost.exe [1196:1324] 000007fefbc18274 Thread C:\Windows\system32\svchost.exe [1196:2080] 000007fefbc18274 Thread C:\Windows\system32\taskhost.exe [2096:2176] 000007fef9121f38 Thread C:\Windows\system32\taskhost.exe [2096:2240] 000007fefbd81010 Thread C:\Windows\system32\Dwm.exe [2248:1792] 000007fef8f2f0d8 Thread C:\Windows\system32\Dwm.exe [2248:3204] 000007fef930abf0 Thread C:\Windows\system32\svchost.exe [4028:4260] 000007fef5cff130 Thread C:\Windows\system32\svchost.exe [4028:4740] 000007fef5cf4734 Thread C:\Windows\system32\svchost.exe [4028:4608] 000007fef5cf4734 Thread C:\Windows\system32\svchost.exe [4028:5216] 000007fef6395f1c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5148:5476] 000007fefc2e2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5148:5548] 000007feebabd618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5148:5576] 000007feebabd618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5148:5580] 000007feebabd618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5148:5588] 000007feebabd618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5148:4840] 000007fef8a25124 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbcec5f Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbcec5f (not active ControlSet) ---- EOF - GMER 2.0 ----