GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-23 23:04:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000054 WDC_WD25 rev.01.0 232,89GB Running: t4jmc2t1.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1876] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Users\user\AppData\Local\tuto4pc_pl_1\supt4pc_pl_1.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f6faa0 5 bytes JMP 0000000100280600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f6fb38 5 bytes JMP 0000000100280804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f6fc90 5 bytes JMP 0000000100280c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f70018 5 bytes JMP 0000000100280a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076f8c45a 5 bytes JMP 00000001002801f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f91217 5 bytes JMP 00000001002803fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000746ca30a 1 byte [62] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007510ee09 5 bytes JMP 00000001002901f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075113982 5 bytes JMP 00000001002903fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075117603 5 bytes JMP 0000000100290804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007511835c 5 bytes JMP 0000000100290600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007512f52b 5 bytes JMP 0000000100290a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000765d5181 5 bytes JMP 00000001002a1014 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000765d5254 5 bytes JMP 00000001002a0804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000765d53d5 5 bytes JMP 00000001002a0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000765d54c2 5 bytes JMP 00000001002a0c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000765d55e2 5 bytes JMP 00000001002a0e10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765d567c 5 bytes JMP 00000001002a01f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765d589f 5 bytes JMP 00000001002a03fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000765d5a22 5 bytes JMP 00000001002a0600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] ? C:\Windows\system32\mssprxy.dll [4392] entry point in ".rdata" section 000000006bd871e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f6f991 7 bytes {MOV EDX, 0xff9a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f6faa0 5 bytes JMP 0000000101090600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f6fb38 5 bytes JMP 0000000101090804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f6fbd5 7 bytes {MOV EDX, 0xff9a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f6fc05 7 bytes {MOV EDX, 0xff99a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f6fc1d 7 bytes {MOV EDX, 0xff9928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f6fc35 7 bytes {MOV EDX, 0xff9b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f6fc65 7 bytes {MOV EDX, 0xff9b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f6fc90 5 bytes JMP 0000000101090c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f6fce5 7 bytes {MOV EDX, 0xff9ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f6fcfd 7 bytes {MOV EDX, 0xff9aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f6fd49 7 bytes {MOV EDX, 0xff9868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f6fe41 7 bytes {MOV EDX, 0xff98a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f70018 5 bytes JMP 0000000101090a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f70099 7 bytes {MOV EDX, 0xff9828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f710a5 7 bytes {MOV EDX, 0xff99e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f7111d 7 bytes {MOV EDX, 0xff9968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f71321 7 bytes {MOV EDX, 0xff98e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076f8c45a 5 bytes JMP 00000001010901f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f91217 5 bytes JMP 00000001010903fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000746ca30a 1 byte [62] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007510ee09 5 bytes JMP 00000001010a01f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075113982 5 bytes JMP 00000001010a03fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075117603 5 bytes JMP 00000001010a0804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007511835c 5 bytes JMP 00000001010a0600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007512f52b 5 bytes JMP 00000001010a0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000765d5181 5 bytes JMP 00000001010b1014 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000765d5254 5 bytes JMP 00000001010b0804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000765d53d5 5 bytes JMP 00000001010b0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000765d54c2 5 bytes JMP 00000001010b0c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000765d55e2 5 bytes JMP 00000001010b0e10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765d567c 5 bytes JMP 00000001010b01f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765d589f 5 bytes JMP 00000001010b03fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000765d5a22 5 bytes JMP 00000001010b0600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f6f991 7 bytes {MOV EDX, 0x879628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f6faa0 5 bytes JMP 0000000100910600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f6fb38 5 bytes JMP 0000000100910804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f6fbd5 7 bytes {MOV EDX, 0x879668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f6fc05 7 bytes {MOV EDX, 0x8795a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f6fc1d 7 bytes {MOV EDX, 0x879528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f6fc35 7 bytes {MOV EDX, 0x879728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f6fc65 7 bytes {MOV EDX, 0x879768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f6fc90 5 bytes JMP 0000000100910c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f6fce5 7 bytes {MOV EDX, 0x8796e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f6fcfd 7 bytes {MOV EDX, 0x8796a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f6fd49 7 bytes {MOV EDX, 0x879468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f6fe41 7 bytes {MOV EDX, 0x8794a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f70018 5 bytes JMP 0000000100910a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f70099 7 bytes {MOV EDX, 0x879428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f710a5 7 bytes {MOV EDX, 0x8795e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f7111d 7 bytes {MOV EDX, 0x879568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f71321 7 bytes {MOV EDX, 0x8794e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076f8c45a 5 bytes JMP 00000001009101f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f91217 5 bytes JMP 00000001009103fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000746ca30a 1 byte [62] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007510ee09 5 bytes JMP 00000001009201f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075113982 5 bytes JMP 00000001009203fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075117603 5 bytes JMP 0000000100920804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007511835c 5 bytes JMP 0000000100920600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007512f52b 5 bytes JMP 0000000100920a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000765d5181 5 bytes JMP 0000000100941014 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000765d5254 5 bytes JMP 0000000100940804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000765d53d5 5 bytes JMP 0000000100940a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000765d54c2 5 bytes JMP 0000000100940c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000765d55e2 5 bytes JMP 0000000100940e10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765d567c 5 bytes JMP 00000001009401f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765d589f 5 bytes JMP 00000001009403fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000765d5a22 5 bytes JMP 0000000100940600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4148] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f6f991 7 bytes {MOV EDX, 0xb14228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f6faa0 5 bytes JMP 0000000100bb0600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f6fb38 5 bytes JMP 0000000100bb0804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f6fbd5 7 bytes {MOV EDX, 0xb14268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f6fc05 7 bytes {MOV EDX, 0xb141a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f6fc1d 7 bytes {MOV EDX, 0xb14128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f6fc35 7 bytes {MOV EDX, 0xb14328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f6fc65 7 bytes {MOV EDX, 0xb14368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f6fc90 5 bytes JMP 0000000100bb0c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f6fce5 7 bytes {MOV EDX, 0xb142e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f6fcfd 7 bytes {MOV EDX, 0xb142a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f6fd49 7 bytes {MOV EDX, 0xb14068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f6fe41 7 bytes {MOV EDX, 0xb140a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f70018 5 bytes JMP 0000000100bb0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076f70099 7 bytes {MOV EDX, 0xb14028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076f710a5 7 bytes {MOV EDX, 0xb141e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076f7111d 7 bytes {MOV EDX, 0xb14168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076f71321 7 bytes {MOV EDX, 0xb140e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076f8c45a 5 bytes JMP 0000000100bb01f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f91217 5 bytes JMP 0000000100bb03fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000746ca30a 1 byte [62] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007510ee09 5 bytes JMP 0000000100bc01f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075113982 5 bytes JMP 0000000100bc03fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075117603 5 bytes JMP 0000000100bc0804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007511835c 5 bytes JMP 0000000100bc0600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007512f52b 5 bytes JMP 0000000100bc0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000765d5181 5 bytes JMP 0000000100bd1014 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000765d5254 5 bytes JMP 0000000100bd0804 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000765d53d5 5 bytes JMP 0000000100bd0a08 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000765d54c2 5 bytes JMP 0000000100bd0c0c .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000765d55e2 5 bytes JMP 0000000100bd0e10 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765d567c 5 bytes JMP 0000000100bd01f8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765d589f 5 bytes JMP 0000000100bd03fc .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000765d5a22 5 bytes JMP 0000000100bd0600 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] .text C:\Windows\system32\AUDIODG.EXE[2036] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076a9eecd 1 byte [62] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f6faa0 5 bytes JMP 0000000100030600 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f6fb38 5 bytes JMP 0000000100030804 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f6fc90 5 bytes JMP 0000000100030c0c .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f70018 5 bytes JMP 0000000100030a08 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076f8c45a 5 bytes JMP 00000001000301f8 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f91217 5 bytes JMP 00000001000303fc .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000746ca30a 1 byte [62] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000765d5181 5 bytes JMP 00000001003c1014 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000765d5254 5 bytes JMP 00000001003c0804 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000765d53d5 5 bytes JMP 00000001003c0a08 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000765d54c2 5 bytes JMP 00000001003c0c0c .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000765d55e2 5 bytes JMP 00000001003c0e10 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765d567c 5 bytes JMP 00000001003c01f8 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765d589f 5 bytes JMP 00000001003c03fc .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000765d5a22 5 bytes JMP 00000001003c0600 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007510ee09 5 bytes JMP 00000001003d01f8 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075113982 5 bytes JMP 00000001003d03fc .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075117603 5 bytes JMP 00000001003d0804 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007511835c 5 bytes JMP 00000001003d0600 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007512cfca 5 bytes JMP 0000000172e341c0 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007512f52b 5 bytes JMP 00000001003d0a08 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f21401 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f21419 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f21431 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f2144a 2 bytes [F2, 76] .text ... * 9 .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f214dd 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f214f5 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f2150d 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f21525 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f2153d 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f21555 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f2156d 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f21585 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f2159d 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f215b5 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f215cd 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f216b2 2 bytes [F2, 76] .text C:\Users\user\Desktop\t4jmc2t1.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f216bd 2 bytes [F2, 76] ---- Threads - GMER 2.0 ---- Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2268] 000007fef635cc10 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2272] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2332] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2336] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2340] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2344] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2348] 000007fef632f718 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2356] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2360] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2364] 000007fef621143c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:2444] 000007fef6856050 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:196] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256:5016] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2392] 000007fef635cc10 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2396] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2416] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2420] 000007fef632f718 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2428] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2432] 000007fef6856050 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2456] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2460] 000007fefb8c2a7c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2464] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2468] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2472] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2488] 000007fef621143c Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2520] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:1096] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3312] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3712] 0000000072566c88 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3740] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3764] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3776] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3828] 000000006d7e2340 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:2548] 000007fef621b564 Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384:3916] 000007fef621b564 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3440] 0000000076fa2e25 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3752] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:652] 00000000765d7587 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3084] 000000006b0e8d60 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2196] 000000006a6b6fe0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3936] 000000006a6b6900 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3984] 000000006a6ac220 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2108] 000000006a6ac220 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3456] 000000006a6ac220 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:776] 000000006a6aca80 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2404] 000000006a6c86a0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2816] 000000006a6c7480 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1316] 000000006a6c7850 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1812] 000000006a6ae780 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3872] 000000006a6ae780 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2812] 000000006a6ae780 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1220] 00000000688812f0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3296] 0000000068882c10 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2932] 0000000068882c10 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3188] 000000006d311070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1532] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1728] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3064] 000000006d2d12f0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2244] 000000006d2b1000 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:860] 000000006a6b7b60 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3528] 000000006a6ae280 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3532] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2600] 000000006af75400 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3588] 000000006d3116a0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3860] 000000006d2b1280 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:4060] 000000006d036120 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2692] 000000006b0e4290 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2880] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:4024] 000000006b0e8650 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1004] 000000006b0f28c0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1704] 000000006b0f6680 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2584] 000000006b0e9280 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3436] 000000006d281670 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3848] 000000006d281840 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1000] 000000006b0eb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1240] 000000006b0eb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2840] 000000006b0eb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3956] 000000006b0eb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2004] 000000006b0eb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3564] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3480] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3276] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3728] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2552] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:4080] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1984] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3204] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:3836] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2144] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1172] 0000000072d932ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:944] 000000006b0f0a60 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:2096] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:4504] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:4508] 0000000072d9345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:1696] 0000000073d562ee Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2184:5088] 0000000076fa3e45 Thread [3192:3348] 0000000076fa2e25 Thread [3192:2684] 0000000072d9345e Thread [3192:3856] 000000006eae13b0 Thread [3192:616] 000000006a6c04d0 Thread [3192:3364] 0000000072d9345e Thread [3192:704] 00000000740727c1 Thread [3192:3684] 000000007407a3e0 Thread [3192:2608] 0000000076fa3e45 Thread [3192:3416] 00000000743732fb Thread [3192:3592] 0000000076fa3e45 Thread [3192:4460] 0000000076fa3e45 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2256] 000007fef80e0000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2384] 000007fef80e0000 Library ? (*** suspicious ***) @ [3192] 00000000003c0000 ---- EOF - GMER 2.0 ----