GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-14 19:46:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AZRX-00A8LB0 rev.01.01A01 465,76GB Running: 2cxe8wof.exe; Driver: C:\Users\WACICI~1\AppData\Local\Temp\pwdyqkog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760f1401 2 bytes JMP 761eb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760f1419 2 bytes JMP 761eb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760f1431 2 bytes JMP 76268f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760f144a 2 bytes CALL 761c489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760f14dd 2 bytes JMP 76268822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760f14f5 2 bytes JMP 762689f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760f150d 2 bytes JMP 76268718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760f1525 2 bytes JMP 76268ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760f153d 2 bytes JMP 761dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760f1555 2 bytes JMP 761e68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760f156d 2 bytes JMP 76268fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760f1585 2 bytes JMP 76268b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760f159d 2 bytes JMP 762686dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760f15b5 2 bytes JMP 761dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760f15cd 2 bytes JMP 761eb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760f16b2 2 bytes JMP 76268ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2180] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760f16bd 2 bytes JMP 76268671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000177460128 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000177460018 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000774600a0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000177460128 .text C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000177460018 .text C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe[2408] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000774600a0 .text C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe[2408] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files (x86)\AVG\AVG2015\avgemca.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000177460128 .text C:\Program Files (x86)\AVG\AVG2015\avgemca.exe[2488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000177460018 .text C:\Program Files (x86)\AVG\AVG2015\avgemca.exe[2488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000774600a0 .text C:\Program Files (x86)\AVG\AVG2015\avgemca.exe[2488] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000177460128 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000177460018 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000774600a0 .text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3292] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3292] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\SearchIndexer.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\SearchIndexer.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\SearchIndexer.exe[3728] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\svchost.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000177460128 .text C:\Windows\system32\svchost.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000177460018 .text C:\Windows\system32\svchost.exe[3976] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000774600a0 .text C:\Windows\system32\svchost.exe[3976] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\System32\WUDFHost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\System32\WUDFHost.exe[3996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\System32\WUDFHost.exe[3996] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\System32\WUDFHost.exe[3996] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4020] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4020] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\conhost.exe[4704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\conhost.exe[4704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\conhost.exe[4704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\conhost.exe[4704] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\System32\svchost.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000177460128 .text C:\Windows\System32\svchost.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000177460018 .text C:\Windows\System32\svchost.exe[5612] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000774600a0 .text C:\Windows\System32\svchost.exe[5612] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\DllHost.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\DllHost.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\DllHost.exe[5228] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\DllHost.exe[5228] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\winlogon.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\winlogon.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\winlogon.exe[4852] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\winlogon.exe[4852] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\Dwm.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\Dwm.exe[4144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\Dwm.exe[4144] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\Dwm.exe[4144] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\Explorer.EXE[5516] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\Explorer.EXE[5516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\Explorer.EXE[5516] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\Explorer.EXE[5516] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4060] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4060] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7132] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7132] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\conhost.exe[7696] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\conhost.exe[7696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\conhost.exe[7696] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\conhost.exe[7696] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\nvvsvc.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\nvvsvc.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\nvvsvc.exe[5024] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\nvvsvc.exe[5024] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007766fc9c 5 bytes JMP 00000001746519d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007766fe60 5 bytes JMP 00000001746515f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000761d3bab 5 bytes JMP 0000000174651760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076cb2ab1 5 bytes JMP 000000010010f4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 0000000076cb3b43 5 bytes JMP 0000000174651bb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760f1401 2 bytes JMP 761eb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760f1419 2 bytes JMP 761eb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760f1431 2 bytes JMP 76268f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760f144a 2 bytes CALL 761c489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760f14dd 2 bytes JMP 76268822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760f14f5 2 bytes JMP 762689f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760f150d 2 bytes JMP 76268718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760f1525 2 bytes JMP 76268ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760f153d 2 bytes JMP 761dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760f1555 2 bytes JMP 761e68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760f156d 2 bytes JMP 76268fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760f1585 2 bytes JMP 76268b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760f159d 2 bytes JMP 762686dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760f15b5 2 bytes JMP 761dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760f15cd 2 bytes JMP 761eb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760f16b2 2 bytes JMP 76268ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760f16bd 2 bytes JMP 76268671 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\Spotify\SpotifyWebHelper.exe[8464] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007766fc9c 5 bytes JMP 00000001746519d0 .text C:\Users\Właściciel\AppData\Roaming\Spotify\SpotifyWebHelper.exe[8464] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007766fe60 5 bytes JMP 00000001746515f0 .text C:\Users\Właściciel\AppData\Roaming\Spotify\SpotifyWebHelper.exe[8464] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000761d3bab 5 bytes JMP 0000000174651760 .text C:\Users\Właściciel\AppData\Roaming\Spotify\SpotifyWebHelper.exe[8464] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 0000000076cb3b43 5 bytes JMP 0000000174651bb0 .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007766fc9c 5 bytes JMP 00000001746519d0 .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007766fe60 5 bytes JMP 00000001746515f0 .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000761d3bab 5 bytes JMP 0000000174651760 .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 0000000076cb3b43 5 bytes JMP 0000000174651bb0 .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760f1401 2 bytes JMP 761eb21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760f1419 2 bytes JMP 761eb346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760f1431 2 bytes JMP 76268f29 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760f144a 2 bytes CALL 761c489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760f14dd 2 bytes JMP 76268822 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760f14f5 2 bytes JMP 762689f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760f150d 2 bytes JMP 76268718 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760f1525 2 bytes JMP 76268ae2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760f153d 2 bytes JMP 761dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760f1555 2 bytes JMP 761e68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760f156d 2 bytes JMP 76268fe3 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760f1585 2 bytes JMP 76268b42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760f159d 2 bytes JMP 762686dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760f15b5 2 bytes JMP 761dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760f15cd 2 bytes JMP 761eb2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760f16b2 2 bytes JMP 76268ea4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Właściciel\AppData\Roaming\uTorrent\uTorrent.exe[5232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760f16bd 2 bytes JMP 76268671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskhost.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\taskhost.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\taskhost.exe[4112] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\taskhost.exe[4112] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\system32\DllHost.exe[8388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Windows\system32\DllHost.exe[8388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Windows\system32\DllHost.exe[8388] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Windows\system32\DllHost.exe[8388] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[6492] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007766fc9c 5 bytes JMP 00000001746519d0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[6492] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007766fe60 5 bytes JMP 00000001746515f0 .text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[6492] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000761d3bab 5 bytes JMP 0000000174651760 .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007766fc9c 5 bytes JMP 00000001746519d0 .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007766fe60 5 bytes JMP 00000001746515f0 .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000761d3bab 5 bytes JMP 0000000174651760 .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 0000000076cb3b43 5 bytes JMP 0000000174651bb0 .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760f1401 2 bytes JMP 761eb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760f1419 2 bytes JMP 761eb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760f1431 2 bytes JMP 76268f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760f144a 2 bytes CALL 761c489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760f14dd 2 bytes JMP 76268822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760f14f5 2 bytes JMP 762689f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760f150d 2 bytes JMP 76268718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760f1525 2 bytes JMP 76268ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760f153d 2 bytes JMP 761dfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760f1555 2 bytes JMP 761e68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760f156d 2 bytes JMP 76268fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760f1585 2 bytes JMP 76268b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760f159d 2 bytes JMP 762686dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760f15b5 2 bytes JMP 761dfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760f15cd 2 bytes JMP 761eb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760f16b2 2 bytes JMP 76268ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[6076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760f16bd 2 bytes JMP 76268671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774bde30 5 bytes JMP 0000000077620128 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774bdf50 5 bytes JMP 0000000077620018 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1360] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007726dbc0 5 bytes JMP 00000000776200a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1360] C:\Windows\system32\KERNELBASE.dll!ResumeThread 000007fefc256be0 5 bytes JMP 000007fff7231cc0 .text C:\Windows\SysWOW64\ctfmon.exe[7560] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007766fc9c 5 bytes JMP 00000001746519d0 .text C:\Windows\SysWOW64\ctfmon.exe[7560] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007766fe60 5 bytes JMP 00000001746515f0 .text C:\Windows\SysWOW64\ctfmon.exe[7560] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000761d3bab 5 bytes JMP 0000000174651760 .text C:\Windows\SysWOW64\ctfmon.exe[7560] C:\Windows\syswow64\KERNELBASE.dll!ResumeThread 0000000076cb3b43 5 bytes JMP 0000000174651bb0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef693741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef6935f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef6935674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef6935e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef6937f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef6936a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef6936ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef6937b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef6937ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef69378b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef6934fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef6935d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef6937584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- EOF - GMER 2.1 ----