GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-16 11:10:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Crucial_CT256MX100SSD1 rev.MU01 238,47GB Running: 8ymbzs7r.exe; Driver: C:\Users\MATIG\AppData\Local\Temp\kwddikob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077221401 2 bytes JMP 76a3b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077221419 2 bytes JMP 76a3b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077221431 2 bytes JMP 76ab90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007722144a 2 bytes CALL 76a148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772214dd 2 bytes JMP 76ab89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772214f5 2 bytes JMP 76ab8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007722150d 2 bytes JMP 76ab88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077221525 2 bytes JMP 76ab8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007722153d 2 bytes JMP 76a2fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077221555 2 bytes JMP 76a36937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007722156d 2 bytes JMP 76ab91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077221585 2 bytes JMP 76ab8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007722159d 2 bytes JMP 76ab88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772215b5 2 bytes JMP 76a2fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772215cd 2 bytes JMP 76a3b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772216b2 2 bytes JMP 76ab906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772216bd 2 bytes JMP 76ab8839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000717e17fa 2 bytes CALL 76a111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000717e1860 2 bytes CALL 76a111a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000717e1942 2 bytes JMP 76b17089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000717e194d 2 bytes JMP 76b1cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077221401 2 bytes JMP 76a3b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077221419 2 bytes JMP 76a3b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077221431 2 bytes JMP 76ab90f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007722144a 2 bytes CALL 76a148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772214dd 2 bytes JMP 76ab89ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772214f5 2 bytes JMP 76ab8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007722150d 2 bytes JMP 76ab88e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077221525 2 bytes JMP 76ab8caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007722153d 2 bytes JMP 76a2fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077221555 2 bytes JMP 76a36937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007722156d 2 bytes JMP 76ab91a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077221585 2 bytes JMP 76ab8d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007722159d 2 bytes JMP 76ab88a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772215b5 2 bytes JMP 76a2fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772215cd 2 bytes JMP 76a3b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772216b2 2 bytes JMP 76ab906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772216bd 2 bytes JMP 76ab8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ce2bdc 5 bytes JMP 0000000000178d78 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077221401 2 bytes JMP 76a3b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077221419 2 bytes JMP 76a3b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077221431 2 bytes JMP 76ab90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007722144a 2 bytes CALL 76a148ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772214dd 2 bytes JMP 76ab89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772214f5 2 bytes JMP 76ab8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007722150d 2 bytes JMP 76ab88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077221525 2 bytes JMP 76ab8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007722153d 2 bytes JMP 76a2fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077221555 2 bytes JMP 76a36937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007722156d 2 bytes JMP 76ab91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077221585 2 bytes JMP 76ab8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007722159d 2 bytes JMP 76ab88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772215b5 2 bytes JMP 76a2fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772215cd 2 bytes JMP 76a3b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772216b2 2 bytes JMP 76ab906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772216bd 2 bytes JMP 76ab8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077221401 2 bytes JMP 76a3b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077221419 2 bytes JMP 76a3b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077221431 2 bytes JMP 76ab90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007722144a 2 bytes CALL 76a148ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000772214dd 2 bytes JMP 76ab89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000772214f5 2 bytes JMP 76ab8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007722150d 2 bytes JMP 76ab88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077221525 2 bytes JMP 76ab8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007722153d 2 bytes JMP 76a2fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077221555 2 bytes JMP 76a36937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007722156d 2 bytes JMP 76ab91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077221585 2 bytes JMP 76ab8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007722159d 2 bytes JMP 76ab88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000772215b5 2 bytes JMP 76a2fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000772215cd 2 bytes JMP 76a3b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000772216b2 2 bytes JMP 76ab906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[692] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000772216bd 2 bytes JMP 76ab8839 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\rundll32.exe[2808] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000684e13b0 2 bytes JMP 75da55f8 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\rundll32.exe[2808] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000684e13c0 2 bytes CALL 75069cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Windows\SysWOW64\rundll32.exe[2808] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 00000000684e153e 2 bytes CALL 75e37774 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\rundll32.exe[2808] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 00000000684e1553 2 bytes CALL 76a110ff C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077221401 2 bytes JMP 76a3b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077221419 2 bytes JMP 76a3b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077221431 2 bytes JMP 76ab90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007722144a 2 bytes CALL 76a148ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000772214dd 2 bytes JMP 76ab89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000772214f5 2 bytes JMP 76ab8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007722150d 2 bytes JMP 76ab88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077221525 2 bytes JMP 76ab8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007722153d 2 bytes JMP 76a2fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077221555 2 bytes JMP 76a36937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007722156d 2 bytes JMP 76ab91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077221585 2 bytes JMP 76ab8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007722159d 2 bytes JMP 76ab88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000772215b5 2 bytes JMP 76a2fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000772215cd 2 bytes JMP 76a3b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000772216b2 2 bytes JMP 76ab906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000772216bd 2 bytes JMP 76ab8839 C:\Windows\syswow64\KERNEL32.dll ---- EOF - GMER 2.2 ----