GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-24 17:06:04 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-00UU3A0 rev.01.03B01 298,09GB Running: 0zkz86jw.exe; Driver: C:\Users\TOBIAR~1\AppData\Local\Temp\kgldapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000721b1a22 2 bytes [1B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000721b1ad0 2 bytes [1B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000721b1b08 2 bytes [1B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000721b1bba 2 bytes [1B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000721b1bda 2 bytes [1B, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2184] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077e3000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2184] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077ebf7ea 5 bytes JMP 0000000177e78e79 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3236] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000732c11a8 2 bytes [2C, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3236] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000732c13a8 2 bytes [2C, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3236] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000732c1422 2 bytes [2C, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3236] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000732c1498 2 bytes [2C, 73] .text C:\Users\Tobiaryna\AppData\Roaming\Dropbox\bin\Dropbox.exe[3260] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Users\Tobiaryna\AppData\Roaming\Dropbox\bin\Dropbox.exe[3260] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\Steam\Steam.exe[4968] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076aa4516 5 bytes JMP 00000001000f0800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3916] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076aa4516 5 bytes JMP 0000000100080800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e3f9a1 8 bytes {MOV EDX, 0x903e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077e3f9ab 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077e3fa1d 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077e3fa27 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077e3fb35 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077e3fb3f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e3fbe5 8 bytes {MOV EDX, 0x90428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077e3fbef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e3fc15 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077e3fc1f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e3fc2d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077e3fc37 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e3fc45 8 bytes {MOV EDX, 0x904e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077e3fc4f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e3fc75 8 bytes {MOV EDX, 0x90528; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077e3fc7f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e3fcf5 8 bytes {MOV EDX, 0x904a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077e3fcff 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e3fd0d 8 bytes {MOV EDX, 0x90468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077e3fd17 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e3fd59 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077e3fd63 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077e3fdbd 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077e3fdc7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e3fe51 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077e3fe5b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077e3ff99 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077e3ffa3 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e400a9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077e400b3 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077e40791 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077e4079b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077e4100d 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077e41017 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077e4106d 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077e41077 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e410b5 8 bytes {MOV EDX, 0x903a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077e410bf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e4112d 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077e41137 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e41331 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077e4133b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007792103d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077921072 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000076aa0518 5 bytes JMP 0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000076aa0548 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076fe4de0 5 bytes JMP 00000001000b03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076fe4f70 5 bytes JMP 00000001000b05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000076fe51a2 5 bytes JMP 00000001000b08f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000076fe522d 5 bytes JMP 00000001000b0a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076fe5689 5 bytes JMP 00000001000b01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076fe58b3 5 bytes JMP 00000001000b0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076fe6bad 5 bytes JMP 00000001000b0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076fe6e05 5 bytes JMP 00000001000b0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076fe6ead 5 bytes JMP 00000001000b0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076fe7180 5 bytes JMP 00000001000b06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076fe7435 5 bytes JMP 00000001000b0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076fe7bcc 5 bytes JMP 00000001000b00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076fe7dc4 5 bytes JMP 00000001000b03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076fe7fd5 5 bytes JMP 00000001000b0d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000076fe82b2 5 bytes JMP 00000001000b0e30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076fe8401 5 bytes JMP 00000001000b09f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000076fe879f 5 bytes JMP 00000001000b02f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076fe8916 5 bytes JMP 00000001000b05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076fe8b7a 5 bytes JMP 00000001000b0970 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076fe8ee6 5 bytes JMP 00000001000b0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076fe9875 5 bytes JMP 00000001000b0c70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076fe9936 5 bytes JMP 00000001000b0d30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000076fea53a 5 bytes JMP 00000001000b09b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000076feaf9f 5 bytes JMP 00000001000b0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!LineTo 0000000076feb9e5 5 bytes JMP 00000001000b0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000076febd55 5 bytes JMP 00000001000b0db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000076fec040 5 bytes JMP 00000001000b0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000076fec107 5 bytes JMP 00000001000b0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000076fec269 5 bytes JMP 00000001000b06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000076fed1f1 5 bytes JMP 00000001000b0df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000076fed349 5 bytes JMP 00000001000b0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000076fedce4 5 bytes JMP 00000001000b0930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076fee743 5 bytes JMP 00000001000b00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076ff03b7 5 bytes JMP 00000001000b02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!Escape 0000000076ff1bda 5 bytes JMP 00000001000b0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076ff1e89 5 bytes JMP 00000001000b0cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076ff4843 5 bytes JMP 00000001000b0b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076ff5690 5 bytes JMP 00000001000b0b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076ff6bde 5 bytes JMP 00000001000b0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000076ffe2db 5 bytes JMP 00000001000b0ab0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 000000007700940d 5 bytes JMP 00000001000b0cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007700c621 5 bytes JMP 00000001000b0bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007700d2b2 5 bytes JMP 00000001000b0bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007700d919 5 bytes JMP 00000001000b0c30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000077013adc 5 bytes JMP 00000001000b0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000077013f29 5 bytes JMP 00000001000b01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!StartPage 000000007701401a 5 bytes JMP 00000001000b0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000077014c51 5 bytes JMP 00000001000b07f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000770153fd 5 bytes JMP 00000001000b0830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000077015454 5 bytes JMP 00000001000b0af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000770154af 5 bytes JMP 00000001000b0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!EndPath 0000000077015506 5 bytes JMP 00000001000b0a70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007701573f 5 bytes JMP 00000001000b07b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!FillPath 00000000770157d2 5 bytes JMP 00000001000b0870 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000077015c44 5 bytes JMP 00000001000b04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000077015cd5 5 bytes JMP 00000001000b04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000077015d87 5 bytes JMP 00000001000b08b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000773f8c40 5 bytes JMP 00000001000c0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000773f9ebd 5 bytes JMP 00000001000c02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077400afa 5 bytes JMP 00000001000c02f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000077400c62 7 bytes JMP 00000001000c05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetParent 0000000077400f68 7 bytes JMP 00000001000c06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!IsWindowVisible 000000007740112d 7 bytes JMP 00000001000c06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774012a5 5 bytes JMP 00000001000c05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007740227d 7 bytes JMP 00000001000c0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000077403150 7 bytes JMP 00000001000c0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!SetCursor 00000000774041f6 5 bytes JMP 00000001000c0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000774068ef 5 bytes JMP 00000001000c0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000774077fa 5 bytes JMP 00000001000c0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000077407887 7 bytes JMP 00000001000c0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000077408676 5 bytes JMP 00000001000c00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000077408696 5 bytes JMP 00000001000c0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000077408e8d 5 bytes JMP 00000001000c00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000077408ecb 5 bytes JMP 00000001000c0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007740c17b 5 bytes JMP 00000001000c0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007740c449 5 bytes JMP 00000001000c01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007740c468 5 bytes JMP 00000001000c03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007740c486 5 bytes JMP 00000001000c01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007740c4b6 5 bytes JMP 00000001000c04b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 000000007740d6c0 5 bytes JMP 00000001000c04f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007740e360 5 bytes JMP 00000001000c0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000077438e57 5 bytes JMP 00000001000c0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000077439cfd 5 bytes JMP 00000001000c0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077439f1d 5 bytes JMP 00000001000c0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000077457cb9 5 bytes JMP 00000001000c0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000077458111 5 bytes JMP 00000001000c0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007745832f 5 bytes JMP 00000001000c03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000075999606 5 bytes JMP 00000001000d00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000759a0581 5 bytes JMP 00000001000d0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 00000000759a0bb9 5 bytes JMP 00000001000d0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 00000000759a0c2e 5 bytes JMP 00000001000d01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 00000000759a0f2e 5 bytes JMP 00000001000d0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 00000000759a1096 5 bytes JMP 00000001000d00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000759a124e 5 bytes JMP 00000001000d01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000759a129d 5 bytes JMP 00000001000d0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 00000000759a1527 5 bytes JMP 00000001000d0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000759a1590 5 bytes JMP 00000001000d0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075c10045 5 bytes JMP 00000001000e0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000075c136b2 5 bytes JMP 00000001000e0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000075c3fdcd 5 bytes JMP 00000001000e00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077221465 2 bytes [22, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772214bb 2 bytes [22, 77] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef6da741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef6da5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef6da5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef6da5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef6da7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef6da6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef6da6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef6da7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef6da7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef6da78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef6da4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef6da5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef6da7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- EOF - GMER 2.1 ----