GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-18 23:03:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 INTEL_SSDSC2CW120A3 rev.400i 111,79GB
Running: p7v1xkon.exe; Driver: C:\Users\Ann\AppData\Local\Temp\pxldipod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076018781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000759e1419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000759e1431 2 bytes JMP 760b8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000759e14dd 2 bytes JMP 760b8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000759e14f5 2 bytes JMP 760b89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000759e150d 2 bytes JMP 760b8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000759e1525 2 bytes JMP 760b8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000759e153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000759e1555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000759e156d 2 bytes JMP 760b8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000759e1585 2 bytes JMP 760b8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000759e159d 2 bytes JMP 760b86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000759e15b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000759e15cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000759e16b2 2 bytes JMP 760b8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000759e16bd 2 bytes JMP 760b8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000759e1419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000759e1431 2 bytes JMP 760b8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000759e14dd 2 bytes JMP 760b8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000759e14f5 2 bytes JMP 760b89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000759e150d 2 bytes JMP 760b8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000759e1525 2 bytes JMP 760b8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000759e153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000759e1555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000759e156d 2 bytes JMP 760b8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000759e1585 2 bytes JMP 760b8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000759e159d 2 bytes JMP 760b86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000759e15b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000759e15cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000759e16b2 2 bytes JMP 760b8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000759e16bd 2 bytes JMP 760b8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000759e1419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000759e1431 2 bytes JMP 760b8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000759e14dd 2 bytes JMP 760b8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000759e14f5 2 bytes JMP 760b89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000759e150d 2 bytes JMP 760b8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000759e1525 2 bytes JMP 760b8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000759e153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000759e1555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000759e156d 2 bytes JMP 760b8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000759e1585 2 bytes JMP 760b8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000759e159d 2 bytes JMP 760b86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000759e15b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000759e15cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000759e16b2 2 bytes JMP 760b8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000759e16bd 2 bytes JMP 760b8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000759e1419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000759e1431 2 bytes JMP 760b8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000759e14dd 2 bytes JMP 760b8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000759e14f5 2 bytes JMP 760b89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000759e150d 2 bytes JMP 760b8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000759e1525 2 bytes JMP 760b8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000759e153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000759e1555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000759e156d 2 bytes JMP 760b8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000759e1585 2 bytes JMP 760b8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000759e159d 2 bytes JMP 760b86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000759e15b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000759e15cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000759e16b2 2 bytes JMP 760b8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000759e16bd 2 bytes JMP 760b8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  00000000759e1419 2 bytes JMP 7603b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  00000000759e1431 2 bytes JMP 760b8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000759e14dd 2 bytes JMP 760b8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000759e14f5 2 bytes JMP 760b89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  00000000759e150d 2 bytes JMP 760b8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000759e1525 2 bytes JMP 760b8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  00000000759e153d 2 bytes JMP 7602fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  00000000759e1555 2 bytes JMP 760368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  00000000759e156d 2 bytes JMP 760b8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  00000000759e1585 2 bytes JMP 760b8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  00000000759e159d 2 bytes JMP 760b86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000759e15b5 2 bytes JMP 7602fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000759e15cd 2 bytes JMP 7603b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000759e16b2 2 bytes JMP 760b8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000759e16bd 2 bytes JMP 760b8671 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]  [7fef40a741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]  [7fef40a5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]  [7fef40a5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]  [7fef40a5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]  [7fef40a7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]  [7fef40a6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]  [7fef40a6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef40a7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]  [7fef40a7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]  [7fef40a78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]  [7fef40a4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]  [7fef40a5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2512] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]  [7fef40a7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Processes - GMER 2.1 ----

Library  C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1840] (GG drive overlay/GG Network S.A.)(2015-02-19 06:53:29)  000000005c080000
Library  C:\Users\Ann\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1840] (GG drive menu/GG Network S.A.)(2014-12  000000005ff80000

---- Registry - GMER 2.1 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Usuń Wiedźmin 3® - Dziki Gon.lnk  1
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Wiedźmin 3® - Dziki Gon\Usuń Wiedźmin 3® - Dziki Gon.lnk  1

---- EOF - GMER 2.1 ----
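The "User code sections" block above is long but highly repetitive: the same PSAPI.DLL exports are reported at the same addresses, redirected to the same kernel32.dll targets, in every 32-bit (syswow64) process GMER looked at, while the 8-byte patch of kernel32.dll!SetUnhandledExceptionFilter appears in AvastUI.exe only. The following Python is an added example for this page, not part of GMER or of the posted log: it parses `.text` entries in GMER 2.1's layout, groups each hooked export across processes, and labels it SHARED (same bytes, same target, in more than one process), SINGLE (one process only) or INCONSISTENT (same export, different patches). Those three labels and the rule behind them are this example's own triage heuristic, not anything GMER reports; `SAMPLE_LOG` is a constructed subset of five entries copied in shape from the log, and `describe_patch` decodes only the three x86 opcodes that occur in the one inline patch (xor eax,eax / ret imm16 / nop), so it is not a general disassembler.

```python
"""Triage helper for the ".text" entries of a GMER 2.1 "User code sections"
block. Added example for this page; it is not part of GMER or of the log."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: five entries copied in shape from the log above (two processes,
# the same PSAPI.DLL stubs, the one 8-byte inline patch) plus one "* N" elision marker.
SAMPLE_LOG = r"""
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076018781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  00000000759e1401 2 bytes JMP 7603b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  00000000759e144a 2 bytes CALL 7601489d C:\Windows\syswow64\kernel32.dll
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"        # process image path and PID
    r"(?P<module>\S+)!(?P<func>\w+)"                      # hooked module!export
    r"(?:\s*\+\s*(?P<off>\d+))?\s+"                       # optional offset into the export
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes\s+"  # patched address and length
    r"(?P<rest>.+?)\s*$"
)
# Control-flow redirect: "JMP <target> <module path>" or "CALL <target> <module path>"
TARGET_RE = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9a-fA-F]+)\s+(?P<target_module>.+)$")
# Inline patch shown as raw bytes: "[31, C0, C2, 04, 00, 90, 90, ...]"
BYTES_RE = re.compile(r"^\[(?P<bytes>.*)\]$")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Hook:
    proc: str                     # image basename, e.g. "avastui.exe"
    pid: int
    module: str                   # hooked module basename, e.g. "psapi.dll"
    func: str
    off: int
    addr: int
    size: int
    kind: str                     # "JMP", "CALL" or "PATCH"
    target: Optional[int]
    target_module: Optional[str]
    patch: tuple                  # patch bytes when kind == "PATCH", else ()


def parse_hooks(text: str) -> list:
    """One Hook per parsable .text entry; GMER's ".text ... * N" elision markers
    and any other line are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        kind, target, target_module, patch = "PATCH", None, None, ()
        t = TARGET_RE.match(rest)
        if t:
            kind = t.group("kind")
            target = int(t.group("target"), 16)
            target_module = basename(t.group("target_module").strip())
        else:
            b = BYTES_RE.match(rest)
            if b:   # trailing "..." marks bytes GMER did not print; drop it
                patch = tuple(int(x, 16) for x in b.group("bytes").split(",")
                              if x.strip() != "...")
        hooks.append(Hook(
            proc=basename(m.group("proc")), pid=int(m.group("pid")),
            module=basename(m.group("module")), func=m.group("func"),
            off=int(m.group("off") or 0), addr=int(m.group("addr"), 16),
            size=int(m.group("size")), kind=kind, target=target,
            target_module=target_module, patch=patch))
    return hooks


def triage(hooks: list) -> dict:
    """Group by hooked export and say whether the patch is identical in every
    process that has it (SHARED), present in one process only (SINGLE), or
    differs between processes (INCONSISTENT). Heuristic of this example."""
    by_export = defaultdict(list)
    for h in hooks:
        by_export[(h.module, h.func, h.off)].append(h)
    report = {}
    for key, hs in sorted(by_export.items()):
        procs = sorted({f"{h.proc}[{h.pid}]" for h in hs})
        variants = {(h.addr, h.kind, h.target, h.target_module, h.patch) for h in hs}
        verdict = "INCONSISTENT" if len(variants) > 1 else ("SHARED" if len(procs) > 1 else "SINGLE")
        report[key] = {"verdict": verdict, "procs": procs, "kind": hs[0].kind,
                       "target_module": hs[0].target_module, "patch": hs[0].patch}
    return report


def describe_patch(patch: tuple) -> list:
    """Decode only the opcodes seen in the log's one inline patch (31 C0 = xor eax,eax;
    C2 imm16 = ret imm16; 90 = nop). Anything else is emitted as a raw byte."""
    out, i = [], 0
    while i < len(patch):
        b = patch[i]
        if b == 0x31 and i + 1 < len(patch) and patch[i + 1] == 0xC0:
            out.append("xor eax, eax"); i += 2
        elif b == 0xC2 and i + 2 < len(patch):
            out.append(f"ret 0x{patch[i + 1] | (patch[i + 2] << 8):x}"); i += 3
        elif b == 0x90:
            out.append("nop"); i += 1
        else:
            out.append(f"db 0x{b:02x}"); i += 1
    return out


def main() -> None:
    for (module, func, off), info in triage(parse_hooks(SAMPLE_LOG)).items():
        where = info["target_module"] or "; ".join(describe_patch(info["patch"]))
        print(f"{info['verdict']:12} {module}!{func}+{off:<3} {info['kind']} -> {where}"
              f"  in {', '.join(info['procs'])}")


if __name__ == "__main__":
    main()
```

Run against the full log, every PSAPI.DLL entry comes out SHARED with target kernel32.dll across all five processes, which is the signature of a redirect that lives in the module itself rather than in one injected process; the only SINGLE item is the AvastUI.exe patch, whose bytes decode to `xor eax, eax; ret 0x4`, i.e. SetUnhandledExceptionFilter made to return NULL immediately. The label is a sorting aid, not a verdict on the code: confirm a SHARED redirect by diffing the hooked export against a clean copy of the DLL, and a SINGLE patch by checking which module in that process wrote it.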