GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-18 17:18:12 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9SA00 rev.FB4OC43C 298,09GB Running: ovl7h242.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\aftcaaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1444] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756fd03c 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1444] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1444] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073281a22 2 bytes [28, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073281ad0 2 bytes [28, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073281b08 2 bytes [28, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073281bba 2 bytes [28, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073281bda 2 bytes [28, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [4084] entry point in ".rdata" section 00000000714571e6 .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007786f941 7 bytes {MOV EDX, 0x646a28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007786fb85 7 bytes {MOV EDX, 0x646a68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007786fbb5 7 bytes {MOV EDX, 0x6469a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007786fbcd 7 bytes {MOV EDX, 0x646928; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007786fbe5 7 bytes {MOV EDX, 0x646b28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007786fc15 7 bytes {MOV EDX, 0x646b68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007786fc95 7 bytes {MOV EDX, 0x646ae8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007786fcad 7 bytes {MOV EDX, 0x646aa8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007786fcf9 7 bytes {MOV EDX, 0x646868; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007786fdf1 7 bytes {MOV EDX, 0x6468a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077870049 7 bytes {MOV EDX, 0x646828; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077871055 7 bytes {MOV EDX, 0x6469e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000778710cd 7 bytes {MOV EDX, 0x646968; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000778712d1 7 bytes {MOV EDX, 0x6468e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007786f941 7 bytes {MOV EDX, 0xdc1e28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007786fb85 7 bytes {MOV EDX, 0xdc1e68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007786fbb5 7 bytes {MOV EDX, 0xdc1da8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007786fbcd 7 bytes {MOV EDX, 0xdc1d28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007786fbe5 7 bytes {MOV EDX, 0xdc1f28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007786fc15 7 bytes {MOV EDX, 0xdc1f68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007786fc95 7 bytes {MOV EDX, 0xdc1ee8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007786fcad 7 bytes {MOV EDX, 0xdc1ea8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007786fcf9 7 bytes {MOV EDX, 0xdc1c68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007786fdf1 7 bytes {MOV EDX, 0xdc1ca8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077870049 7 bytes {MOV EDX, 0xdc1c28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077871055 7 bytes {MOV EDX, 0xdc1de8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000778710cd 7 bytes {MOV EDX, 0xdc1d68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000778712d1 7 bytes {MOV EDX, 0xdc1ce8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[5096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007786f941 7 bytes {MOV EDX, 0xcf3e28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007786fb85 7 bytes {MOV EDX, 0xcf3e68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007786fbb5 7 bytes {MOV EDX, 0xcf3da8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007786fbcd 7 bytes {MOV EDX, 0xcf3d28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007786fbe5 7 bytes {MOV EDX, 0xcf3f28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007786fc15 7 bytes {MOV EDX, 0xcf3f68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007786fc95 7 bytes {MOV EDX, 0xcf3ee8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007786fcad 7 bytes {MOV EDX, 0xcf3ea8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007786fcf9 7 bytes {MOV EDX, 0xcf3c68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007786fdf1 7 bytes {MOV EDX, 0xcf3ca8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077870049 7 bytes {MOV EDX, 0xcf3c28; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077871055 7 bytes {MOV EDX, 0xcf3de8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000778710cd 7 bytes {MOV EDX, 0xcf3d68; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000778712d1 7 bytes {MOV EDX, 0xcf3ce8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007786f941 7 bytes {MOV EDX, 0xf27628; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007786fb85 7 bytes {MOV EDX, 0xf27668; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007786fbb5 7 bytes {MOV EDX, 0xf275a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007786fbcd 7 bytes {MOV EDX, 0xf27528; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007786fbe5 7 bytes {MOV EDX, 0xf27728; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007786fc15 7 bytes {MOV EDX, 0xf27768; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007786fc95 7 bytes {MOV EDX, 0xf276e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007786fcad 7 bytes {MOV EDX, 0xf276a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007786fcf9 7 bytes {MOV EDX, 0xf27468; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007786fdf1 7 bytes {MOV EDX, 0xf274a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077870049 7 bytes {MOV EDX, 0xf27428; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077871055 7 bytes {MOV EDX, 0xf275e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000778710cd 7 bytes {MOV EDX, 0xf27568; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000778712d1 7 bytes {MOV EDX, 0xf274e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007786f941 7 bytes {MOV EDX, 0x417628; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007786fb85 7 bytes {MOV EDX, 0x417668; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007786fbb5 7 bytes {MOV EDX, 0x4175a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007786fbcd 7 bytes {MOV EDX, 0x417528; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007786fbe5 7 bytes {MOV EDX, 0x417728; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007786fc15 7 bytes {MOV EDX, 0x417768; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007786fc95 7 bytes {MOV EDX, 0x4176e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007786fcad 7 bytes {MOV EDX, 0x4176a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007786fcf9 7 bytes {MOV EDX, 0x417468; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007786fdf1 7 bytes {MOV EDX, 0x4174a8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077870049 7 bytes {MOV EDX, 0x417428; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077871055 7 bytes {MOV EDX, 0x4175e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000778710cd 7 bytes {MOV EDX, 0x417568; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000778712d1 7 bytes {MOV EDX, 0x4174e8; JMP RDX} .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76] .text C:\Users\Kiki\AppData\Local\Google\Chrome\Application\old_chrome.exe[1068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\syswow64\svchost.exe [3164:3652] 00000000001d10d0 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3216:3760] 000007fefc102a88 ---- EOF - GMER 2.1 ----