GMER 2.0.18454 - http://www.gmer.net Rootkit scan 2013-02-02 16:40:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 KINGSTON_SH103S3120G rev.501ABBF0 111,79GB Running: s42fsdnk.exe; Driver: d:\temp\pwtoapow.sys ---- Kernel code sections - GMER 2.0 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000103c00 7 bytes [C0, A0, F3, FF, 01, AC, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 9 fffff96000103c09 2 bytes [06, 02] ---- User code sections - GMER 2.0 ---- .text C:\Windows\system32\Dwm.exe[1596] C:\Windows\system32\d3d11.dll!D3D11CreateDeviceAndSwapChain 000007fefa67fef0 9 bytes {MOV RAX, 0x705e4600; JMP RAX} .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000764a87b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1528] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073a517fa 2 bytes [A5, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073a51860 2 bytes [A5, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073a51942 2 bytes [A5, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073a5194d 2 bytes [A5, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] ? C:\Windows\system32\mssprxy.dll [4256] entry point in ".rdata" section 00000000705971e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e6f991 7 bytes {MOV EDX, 0x5ab628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e6fbd5 7 bytes {MOV EDX, 0x5ab668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e6fc05 7 bytes {MOV EDX, 0x5ab5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e6fc1d 7 bytes {MOV EDX, 0x5ab528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e6fc35 7 bytes {MOV EDX, 0x5ab728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e6fc65 7 bytes {MOV EDX, 0x5ab768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e6fce5 7 bytes {MOV EDX, 0x5ab6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e6fcfd 7 bytes {MOV EDX, 0x5ab6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e6fd49 7 bytes {MOV EDX, 0x5ab468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e6fe41 7 bytes {MOV EDX, 0x5ab4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e70099 7 bytes {MOV EDX, 0x5ab428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e710a5 7 bytes {MOV EDX, 0x5ab5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e7111d 7 bytes {MOV EDX, 0x5ab568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e71321 7 bytes {MOV EDX, 0x5ab4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e6f991 7 bytes {MOV EDX, 0x7aaa28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e6fbd5 7 bytes {MOV EDX, 0x7aaa68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e6fc05 7 bytes {MOV EDX, 0x7aa9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e6fc1d 7 bytes {MOV EDX, 0x7aa928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e6fc35 7 bytes {MOV EDX, 0x7aab28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e6fc65 7 bytes {MOV EDX, 0x7aab68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e6fce5 7 bytes {MOV EDX, 0x7aaae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e6fcfd 7 bytes {MOV EDX, 0x7aaaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e6fd49 7 bytes {MOV EDX, 0x7aa868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e6fe41 7 bytes {MOV EDX, 0x7aa8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e70099 7 bytes {MOV EDX, 0x7aa828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e710a5 7 bytes {MOV EDX, 0x7aa9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e7111d 7 bytes {MOV EDX, 0x7aa968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e71321 7 bytes {MOV EDX, 0x7aa8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e6f991 7 bytes {MOV EDX, 0xe8ba28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e6fbd5 7 bytes {MOV EDX, 0xe8ba68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e6fc05 7 bytes {MOV EDX, 0xe8b9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e6fc1d 7 bytes {MOV EDX, 0xe8b928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e6fc35 7 bytes {MOV EDX, 0xe8bb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e6fc65 7 bytes {MOV EDX, 0xe8bb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e6fce5 7 bytes {MOV EDX, 0xe8bae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e6fcfd 7 bytes {MOV EDX, 0xe8baa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e6fd49 7 bytes {MOV EDX, 0xe8b868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e6fe41 7 bytes {MOV EDX, 0xe8b8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e70099 7 bytes {MOV EDX, 0xe8b828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e710a5 7 bytes {MOV EDX, 0xe8b9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e7111d 7 bytes {MOV EDX, 0xe8b968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e71321 7 bytes {MOV EDX, 0xe8b8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Users\Lechu\Desktop\OTL.exe[408] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e6f991 7 bytes {MOV EDX, 0x8ea228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e6fbd5 7 bytes {MOV EDX, 0x8ea268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e6fc05 7 bytes {MOV EDX, 0x8ea1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e6fc1d 7 bytes {MOV EDX, 0x8ea128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e6fc35 7 bytes {MOV EDX, 0x8ea328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e6fc65 7 bytes {MOV EDX, 0x8ea368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e6fce5 7 bytes {MOV EDX, 0x8ea2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e6fcfd 7 bytes {MOV EDX, 0x8ea2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e6fd49 7 bytes {MOV EDX, 0x8ea068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e6fe41 7 bytes {MOV EDX, 0x8ea0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e70099 7 bytes {MOV EDX, 0x8ea028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e710a5 7 bytes {MOV EDX, 0x8ea1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e7111d 7 bytes {MOV EDX, 0x8ea168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e71321 7 bytes {MOV EDX, 0x8ea0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes [0D, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes [0D, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes [0D, 76] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef636741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef6365f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef6365674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef6365e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef6367f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef6366a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef6366ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef6367b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef6367ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef63678b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef6364fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef6365d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2496] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef6367584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.0 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3972:1028] 000007fefbec2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3972:2220] 000007fee993d618 ---- EOF - GMER 2.0 ----