GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-05 14:51:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005c ST500DM0 rev.KC43 465,76GB
Running: 3xnenccw.exe; Driver: C:\Users\Semijah\AppData\Local\Temp\awtoypod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 0000000100d4f046
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075911401 2 bytes JMP 75f3b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075911419 2 bytes JMP 75f3b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075911431 2 bytes JMP 75fb8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007591144a 2 bytes CALL 75f1489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759114dd 2 bytes JMP 75fb8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759114f5 2 bytes JMP 75fb89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007591150d 2 bytes JMP 75fb8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075911525 2 bytes JMP 75fb8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007591153d 2 bytes JMP 75f2fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075911555 2 bytes JMP 75f368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007591156d 2 bytes JMP 75fb8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075911585 2 bytes JMP 75fb8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007591159d 2 bytes JMP 75fb86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759115b5 2 bytes JMP 75f2fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759115cd 2 bytes JMP 75f3b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759116b2 2 bytes JMP 75fb8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759116bd 2 bytes JMP 75fb8671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075911401 2 bytes JMP 75f3b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075911419 2 bytes JMP 75f3b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075911431 2 bytes JMP 75fb8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007591144a 2 bytes CALL 75f1489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759114dd 2 bytes JMP 75fb8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759114f5 2 bytes JMP 75fb89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007591150d 2 bytes JMP 75fb8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075911525 2 bytes JMP 75fb8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007591153d 2 bytes JMP 75f2fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075911555 2 bytes JMP 75f368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007591156d 2 bytes JMP 75fb8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075911585 2 bytes JMP 75fb8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007591159d 2 bytes JMP 75fb86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759115b5 2 bytes JMP 75f2fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759115cd 2 bytes JMP 75f3b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759116b2 2 bytes JMP 75fb8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759116bd 2 bytes JMP 75fb8671 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072ac17fa 2 bytes CALL 75f111a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072ac1860 2 bytes CALL 75f111a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072ac1942 2 bytes JMP 77647089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072ac194d 2 bytes JMP 7764cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075911401 2 bytes JMP 75f3b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075911419 2 bytes JMP 75f3b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075911431 2 bytes JMP 75fb8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007591144a 2 bytes CALL 75f1489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759114dd 2 bytes JMP 75fb8822 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759114f5 2 bytes JMP 75fb89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007591150d 2 bytes JMP 75fb8718 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075911525 2 bytes JMP 75fb8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007591153d 2 bytes JMP 75f2fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075911555 2 bytes JMP 75f368ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007591156d 2 bytes JMP 75fb8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075911585 2 bytes JMP 75fb8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007591159d 2 bytes JMP 75fb86dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759115b5 2 bytes JMP 75f2fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759115cd 2 bytes JMP 75f3b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759116b2 2 bytes JMP 75fb8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759116bd 2 bytes JMP 75fb8671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075911401 2 bytes JMP 75f3b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075911419 2 bytes JMP 75f3b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075911431 2 bytes JMP 75fb8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007591144a 2 bytes CALL 75f1489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759114dd 2 bytes JMP 75fb8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759114f5 2 bytes JMP 75fb89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007591150d 2 bytes JMP 75fb8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075911525 2 bytes JMP 75fb8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007591153d 2 bytes JMP 75f2fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075911555 2 bytes JMP 75f368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007591156d 2 bytes JMP 75fb8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075911585 2 bytes JMP 75fb8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007591159d 2 bytes JMP 75fb86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759115b5 2 bytes JMP 75f2fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759115cd 2 bytes JMP 75f3b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759116b2 2 bytes JMP 75fb8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Mobogenie\DaemonProcess.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759116bd 2 bytes JMP 75fb8671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000075911401 2 bytes JMP 75f3b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000075911419 2 bytes JMP 75f3b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000075911431 2 bytes JMP 75fb8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007591144a 2 bytes CALL 75f1489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000759114dd 2 bytes JMP 75fb8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000759114f5 2 bytes JMP 75fb89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007591150d 2 bytes JMP 75fb8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000075911525 2 bytes JMP 75fb8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007591153d 2 bytes JMP 75f2fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000075911555 2 bytes JMP 75f368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007591156d 2 bytes JMP 75fb8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000075911585 2 bytes JMP 75fb8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007591159d 2 bytes JMP 75fb86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000759115b5 2 bytes JMP 75f2fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000759115cd 2 bytes JMP 75f3b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000759116b2 2 bytes JMP 75fb8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3016] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000759116bd 2 bytes JMP 75fb8671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075911401 2 bytes JMP 75f3b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075911419 2 bytes JMP 75f3b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075911431 2 bytes JMP 75fb8f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007591144a 2 bytes CALL 75f1489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759114dd 2 bytes JMP 75fb8822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759114f5 2 bytes JMP 75fb89f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007591150d 2 bytes JMP 75fb8718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075911525 2 bytes JMP 75fb8ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007591153d 2 bytes JMP 75f2fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075911555 2 bytes JMP 75f368ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007591156d 2 bytes JMP 75fb8fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075911585 2 bytes JMP 75fb8b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007591159d 2 bytes JMP 75fb86dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759115b5 2 bytes JMP 75f2fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759115cd 2 bytes JMP 75f3b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759116b2 2 bytes JMP 75fb8ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[4416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759116bd 2 bytes JMP 75fb8671 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef712741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef7125f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef7125674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef7125e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef7127f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef7126a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef7126ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef7127b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef7127ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef71278b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef7124fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef7125d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2232] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef7127584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Processes - GMER 2.1 ----

Library C:\Users\Semijah\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1740] (GG drive menu/GG Network S.A.) 000000005ff80000

---- EOF - GMER 2.1 ----