GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-08 18:56:24 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a WDC_WD50 rev.01.0 465,76GB Running: iclrrk0p.exe; Driver: C:\Users\Pisarski\AppData\Local\Temp\ugtdypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\services.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\System32\svchost.exe[552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\atieclxx.exe[1200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1508] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\Explorer.EXE[1544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1836] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[1056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074a117fa 2 bytes CALL 74ff11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074a11860 2 bytes CALL 74ff11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074a11942 2 bytes JMP 76927089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074a1194d 2 bytes JMP 7692cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[2472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[2532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Dolby PCEE4\pcee4.exe[4024] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LManager.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074ff8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076bb1401 2 bytes JMP 7501b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076bb1419 2 bytes JMP 7501b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076bb1431 2 bytes JMP 75098f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076bb144a 2 bytes CALL 74ff4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076bb14dd 2 bytes JMP 75098802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076bb14f5 2 bytes JMP 750989d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076bb150d 2 bytes JMP 750986f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076bb1525 2 bytes JMP 75098ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076bb153d 2 bytes JMP 7500fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076bb1555 2 bytes JMP 750168bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076bb156d 2 bytes JMP 75098fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076bb1585 2 bytes JMP 75098b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076bb159d 2 bytes JMP 750986bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076bb15b5 2 bytes JMP 7500fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076bb15cd 2 bytes JMP 7501b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076bb16b2 2 bytes JMP 75098e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076bb16bd 2 bytes JMP 75098651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GamingMouse\hid.exe[532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files (x86)\GamingMouse\trayicon.exe[3344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4600] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5976] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Program Files\EgisTec IPS\EgisUpdate.exe[4896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fbefcd 1 byte [62] .text C:\Users\Pisarski\Downloads\iclrrk0p.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007501a2cd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4984:4728] 000007fefb202bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4984:4628] 000007feea56cf60 Thread C:\Windows\System32\svchost.exe [5952:5984] 000007fee8e19688 ---- EOF - GMER 2.1 ----