GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-08 10:28:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a ST1000DL rev.CC32 931,51GB
Running: gmer.exe; Driver: C:\Users\MIKOAJ~1\AppData\Local\Temp\fgloipod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757f1401 2 bytes JMP 76dcb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757f1419 2 bytes JMP 76dcb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757f1431 2 bytes JMP 76e48ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757f144a 2 bytes CALL 76da48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757f14dd 2 bytes JMP 76e487a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757f14f5 2 bytes JMP 76e48978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757f150d 2 bytes JMP 76e48698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757f1525 2 bytes JMP 76e48a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757f153d 2 bytes JMP 76dbfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757f1555 2 bytes JMP 76dc68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757f156d 2 bytes JMP 76e48f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757f1585 2 bytes JMP 76e48ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757f159d 2 bytes JMP 76e4865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757f15b5 2 bytes JMP 76dbfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757f15cd 2 bytes JMP 76dcb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757f16b2 2 bytes JMP 76e48e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757f16bd 2 bytes JMP 76e485f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757f1401 2 bytes JMP 76dcb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757f1419 2 bytes JMP 76dcb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757f1431 2 bytes JMP 76e48ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757f144a 2 bytes CALL 76da48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757f14dd 2 bytes JMP 76e487a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757f14f5 2 bytes JMP 76e48978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757f150d 2 bytes JMP 76e48698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757f1525 2 bytes JMP 76e48a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757f153d 2 bytes JMP 76dbfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757f1555 2 bytes JMP 76dc68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757f156d 2 bytes JMP 76e48f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757f1585 2 bytes JMP 76e48ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757f159d 2 bytes JMP 76e4865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757f15b5 2 bytes JMP 76dbfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757f15cd 2 bytes JMP 76dcb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757f16b2 2 bytes JMP 76e48e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757f16bd 2 bytes JMP 76e485f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757f1401 2 bytes JMP 76dcb21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757f1419 2 bytes JMP 76dcb346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757f1431 2 bytes JMP 76e48ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757f144a 2 bytes CALL 76da48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757f14dd 2 bytes JMP 76e487a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757f14f5 2 bytes JMP 76e48978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757f150d 2 bytes JMP 76e48698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757f1525 2 bytes JMP 76e48a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757f153d 2 bytes JMP 76dbfca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757f1555 2 bytes JMP 76dc68ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757f156d 2 bytes JMP 76e48f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757f1585 2 bytes JMP 76e48ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757f159d 2 bytes JMP 76e4865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757f15b5 2 bytes JMP 76dbfd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757f15cd 2 bytes JMP 76dcb2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757f16b2 2 bytes JMP 76e48e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\utilTechgile.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757f16bd 2 bytes JMP 76e485f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757f1401 2 bytes JMP 76dcb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757f1419 2 bytes JMP 76dcb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757f1431 2 bytes JMP 76e48ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757f144a 2 bytes CALL 76da48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757f14dd 2 bytes JMP 76e487a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757f14f5 2 bytes JMP 76e48978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757f150d 2 bytes JMP 76e48698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757f1525 2 bytes JMP 76e48a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757f153d 2 bytes JMP 76dbfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757f1555 2 bytes JMP 76dc68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757f156d 2 bytes JMP 76e48f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757f1585 2 bytes JMP 76e48ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757f159d 2 bytes JMP 76e4865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757f15b5 2 bytes JMP 76dbfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757f15cd 2 bytes JMP 76dcb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757f16b2 2 bytes JMP 76e48e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757f16bd 2 bytes JMP 76e485f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757f1401 2 bytes JMP 76dcb21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757f1419 2 bytes JMP 76dcb346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757f1431 2 bytes JMP 76e48ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757f144a 2 bytes CALL 76da48ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757f14dd 2 bytes JMP 76e487a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757f14f5 2 bytes JMP 76e48978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757f150d 2 bytes JMP 76e48698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757f1525 2 bytes JMP 76e48a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757f153d 2 bytes JMP 76dbfca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757f1555 2 bytes JMP 76dc68ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757f156d 2 bytes JMP 76e48f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757f1585 2 bytes JMP 76e48ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757f159d 2 bytes JMP 76e4865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757f15b5 2 bytes JMP 76dbfd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757f15cd 2 bytes JMP 76dcb2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757f16b2 2 bytes JMP 76e48e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Techgile\updateTechgile.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757f16bd 2 bytes JMP 76e485f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000757f1401 2 bytes JMP 76dcb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000757f1419 2 bytes JMP 76dcb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000757f1431 2 bytes JMP 76e48ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000757f144a 2 bytes CALL 76da48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757f14dd 2 bytes JMP 76e487a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757f14f5 2 bytes JMP 76e48978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000757f150d 2 bytes JMP 76e48698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000757f1525 2 bytes JMP 76e48a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000757f153d 2 bytes JMP 76dbfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000757f1555 2 bytes JMP 76dc68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000757f156d 2 bytes JMP 76e48f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000757f1585 2 bytes JMP 76e48ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000757f159d 2 bytes JMP 76e4865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757f15b5 2 bytes JMP 76dbfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757f15cd 2 bytes JMP 76dcb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757f16b2 2 bytes JMP 76e48e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\GoHD\1a4bda0d-6432-4f29-ac70-d72a6eea055e-6.exe[3728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757f16bd 2 bytes JMP 76e485f1 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----