GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-18 11:46:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1 ST380815AS rev.4.ADA 74,51GB Running: g0l6xwkh.exe; Driver: C:\Users\DELL\AppData\Local\Temp\aftciaob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075171401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075171419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075171431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007517144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751714dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751714f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007517150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075171525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007517153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075171555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007517156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075171585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007517159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751715b5 2 bytes JMP 761ffd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751715cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751716b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751716bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075171401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075171419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075171431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007517144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751714dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751714f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007517150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075171525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007517153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075171555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007517156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075171585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007517159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751715b5 2 bytes JMP 761ffd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751715cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751716b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751716bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075171401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075171419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075171431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007517144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751714dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751714f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007517150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075171525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007517153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075171555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007517156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075171585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007517159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751715b5 2 bytes JMP 761ffd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751715cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751716b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751716bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075171401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075171419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075171431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007517144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751714dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751714f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007517150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075171525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007517153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075171555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007517156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075171585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007517159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751715b5 2 
bytes JMP 761ffd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751715cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751716b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751716bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075171401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075171419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075171431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007517144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751714dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751714f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007517150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075171525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007517153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075171555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007517156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075171585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007517159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751715b5 2 bytes JMP 761ffd81 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751715cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751716b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751716bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075171401 2 bytes JMP 7620b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075171419 2 bytes JMP 7620b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075171431 2 bytes JMP 762890f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007517144a 2 bytes CALL 761e48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751714dd 2 bytes JMP 762889ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751714f5 2 bytes JMP 76288bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007517150d 2 bytes JMP 762888e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075171525 2 bytes JMP 76288caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007517153d 2 bytes JMP 761ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075171555 2 bytes JMP 76206937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007517156d 2 bytes JMP 762891a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075171585 2 bytes JMP 76288d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007517159d 2 bytes JMP 762888a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751715b5 2 bytes JMP 761ffd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751715cd 2 bytes JMP 7620b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751716b2 2 bytes JMP 7628906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751716bd 2 bytes JMP 76288839 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4916:6004] 000007fefaf82b1c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4916:5804] 000007feeb3d8f70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4916:5944] 000007fef0c55124 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3116:2724] 0000000077067ad8 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3116:5816] 00000000769b7587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3116:4396] 00000000672a9946 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3116:5248] 0000000077061697 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3116:5048] 0000000077067ad8 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3116:4216] 0000000077067ad8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ---- EOF - GMER 2.2 ----