GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-01-02 15:40:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: k81x5e98.exe; Driver: C:\Users\Niagara\AppData\Local\Temp\kfddqpod.sys

---- User code sections - GMER 2.1 ----
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ab14dd 2 bytes JMP 75ba88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ab14f5 2 bytes JMP 75ba8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ab150d 2 bytes JMP 75ba87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ab1525 2 bytes JMP 75ba8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ab153d 2 bytes JMP 75b1fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ab1555 2 bytes JMP 75b268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ab156d 2 bytes JMP 75ba9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ab1585 2 bytes JMP 75ba8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ab159d 2 bytes JMP 75ba877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000075ab15b5 2 bytes JMP 75b1fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ab15cd 2 bytes JMP 75b2b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ab16b2 2 bytes JMP 75ba8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2440] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ab16bd 2 bytes JMP 75ba8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes {JMP QWORD [RIP-0x4bd61]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes {JMP QWORD [RIP-0x4bd77]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes {JMP QWORD [RIP-0x4c538]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes {JMP QWORD [RIP-0x4bd56]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes {JMP QWORD [RIP-0x4c44e]} .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes {JMP QWORD [RIP-0x4cf71]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ab1401 2 bytes JMP 75b2b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ab1419 2 bytes JMP 75b2b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ab1431 2 bytes JMP 75ba8fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ab144a 2 bytes CALL 75b0489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ab14dd 2 bytes JMP 75ba88c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ab14f5 2 bytes JMP 75ba8aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ab150d 2 bytes JMP 75ba87ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ab1525 2 bytes JMP 75ba8b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ab153d 2 bytes JMP 75b1fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ab1555 2 bytes JMP 75b268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ab156d 2 bytes JMP 75ba9089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ab1585 2 bytes JMP 75ba8bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ab159d 2 bytes JMP 75ba877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ab15b5 2 bytes JMP 75b1fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ab15cd 2 bytes JMP 75b2b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ab16b2 2 bytes JMP 75ba8f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ab16bd 2 bytes JMP 75ba8713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2844] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera_crashreporter.exe[4076] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] 
C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[2320] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] 
C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5840] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] 
C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5856] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5920] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[5144] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\34.0.2036.42\opera.exe[1500] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e81544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000076e818ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e81ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e81d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e81e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e81f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000076e82238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000076e826e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076ecda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076ecdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076ecdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076ecdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076ecde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076ece430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076ece680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076eceee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000748b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000748b146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000748b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000748b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000748b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Niagara\Downloads\k81x5e98.exe[5872] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000748b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004d97bec] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- User IAT/EAT - GMER 2.1 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef6f8741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef6f85f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef6f85674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef6f85e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef6f87f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef6f86a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef6f86ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef6f87b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef6f87ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef6f878b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef6f84fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef6f85d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2836] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef6f87584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.1 ----
Thread [2332:2376] 0000000071967850
Thread [2332:3048] 000000007709c557
Thread [2332:3052] 00000000770b27c1
Thread [2332:3064] 0000000074b6d854
Thread [2332:2880] 00000000770b27c1
Thread C:\Program Files (x86)\Search Extensions\Client.exe [2348:2248] 000000006e9532fb
Thread C:\Program Files (x86)\Search Extensions\Client.exe [2348:5404] 0000000071967850
Thread C:\windows\System32\svchost.exe [6024:676] 000007fef0c49688

---- EOF - GMER 2.1 ----