GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-26 19:57:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-2 Samsung_SSD_840_Series rev.DXT06B0Q 232,88GB
Running: 17v0xsxk.exe; Driver: C:\Users\admin11\AppData\Local\Temp\uglciaoc.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d30048 5 bytes JMP 0000000069921986 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ...
* 9 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\SysWOW64\WSOCK32.dll!recv + 83 0000000073d117fb 1 byte [73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 89 0000000073d11861 1 byte [73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 99 0000000073d11943 1 byte [73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 110 0000000073d1194e 1 byte [73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1468] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\vmnat.exe[3176] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 0000000073ce13b0 2 bytes JMP 764055d0 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[3176] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 0000000073ce13c0 2 bytes CALL 75ab9cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Windows\SysWOW64\vmnat.exe[3176] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 0000000073ce153e 2 bytes CALL 76497364 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[3176] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000073ce1553 2 bytes CALL 774510ff C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware 
Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5132] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[5304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[6504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d2f9c1 7 bytes {MOV EDX, 0x105ae8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077d2fa3d 7 bytes {MOV EDX, 0x1059a8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077d2fb55 7 bytes {MOV EDX, 0x105968; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d2fc05 7 bytes {MOV EDX, 0x105b28; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d2fc35 7 bytes {MOV EDX, 0x105a68; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d2fc4d 7 bytes {MOV EDX, 0x105928; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d2fc65 7 bytes {MOV EDX, 0x105be8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d2fc95 7 bytes {MOV EDX, 0x105c28; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d2fd15 7 bytes {MOV EDX, 0x105ba8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d2fd2d 7 bytes {MOV EDX, 0x105b68; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d2fd79 7 bytes {MOV EDX, 0x105868; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d2fe71 7 bytes {MOV EDX, 0x1058a8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d300c9 7 bytes {MOV EDX, 0x105828; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077d3102d 7 bytes {MOV EDX, 0x1059e8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d310d5 7 bytes {MOV EDX, 0x105aa8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d3114d 7 bytes {MOV EDX, 0x105a28; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d31351 7 bytes {MOV EDX, 0x1058e8; JMP RDX}
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075681401 2 bytes JMP 7747b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075681419 2 bytes JMP 7747b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075681431 2 bytes JMP 774f9149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007568144a 2 bytes CALL 77454885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756814dd 2 bytes JMP 774f8a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756814f5 2 bytes JMP 774f8c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007568150d 2 bytes JMP 774f8938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075681525 2 bytes JMP 774f8d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007568153d 2 bytes JMP 7746fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075681555 2 bytes JMP 77476907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007568156d 2 bytes JMP 774f9201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075681585 2 bytes JMP 774f8d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007568159d 2 bytes JMP 774f88fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756815b5 2 bytes JMP 7746fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756815cd 2 bytes JMP 7747b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756816b2 2 bytes JMP 774f90c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[4676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756816bd 2 bytes JMP 774f8891 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003c9355af4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10002aec
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b10002aec@00023c654d04 0xE7 0x6F 0x53 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003c9355af4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10002aec (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b10002aec@00023c654d04 0xE7 0x6F 0x53 0x4B ...

---- EOF - GMER 2.2 ----