GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-09 00:06:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f WDC_____ rev.01.0 931,51GB
Running: qkeqb0sg.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[1632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1548] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[1768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[2228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077098791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 770bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 770bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 77138ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 770948ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 771387a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 77138978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 77138698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 77138a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 770afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 770b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 77138f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 77138ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 7713865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 770afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 770bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 77138e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\avastui.exe[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 771385f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074e317fa 2 bytes CALL 770911a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074e31860 2 bytes CALL 770911a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074e31942 2 bytes JMP 76837089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074e3194d 2 bytes JMP 7683cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 770bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 770bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 77138ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 770948ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 771387a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 77138978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 77138698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 77138a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 770afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 770b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 77138f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 77138ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 7713865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 770afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 770bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 77138e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 771385f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3792] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Windows\system32\igfxEM.exe[4948] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743ef8d 1 byte [62]
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 770bb21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 770bb346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 77138ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 770948ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 771387a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 77138978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 77138698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 77138a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 770afca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 770b68ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 77138f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 77138ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 7713865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 770afd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 770bb2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 77138e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 771385f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Windows\SysWOW64\ctfmon.exe[3244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]
.text C:\Users\user\Desktop\Wszystkie te syfy\qkeqb0sg.exe[6764] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770ba2fd 1 byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef0f8741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef0f85f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef0f85674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef0f85e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef0f87f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef0f86a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef0f86ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef0f87b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef0f87ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef0f878b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef0f84fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef0f85d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3172] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef0f87584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- EOF - GMER 2.1 ----