GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-20 17:09:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 OCZ-SOLID3 rev.2.15 111,79GB Running: jhnmqgsg.exe; Driver: C:\Users\BM\AppData\Local\Temp\ugdcyaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2868] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077d2000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2868] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077dafbaa 5 bytes JMP 0000000177d69c63 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Users\BM\AppData\Roaming\Dropbox\bin\Dropbox.exe[3012] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[1568] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000777f8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[1072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 7781b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 7781b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 77898fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 777f489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 778988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 77898aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 778987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 77898b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 7780fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 778168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 77899089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 77898bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 7789877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 7780fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 7781b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 77898f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MonitorSoftware\jre\bin\javaw.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 77898713 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.1 ----