GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-01 15:25:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 GOODRAM_ rev.S8FM 55,90GB
Running: 00ep5e8x.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kxacqpoc.sys


---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077a01401 2 bytes JMP 75aeb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077a01419 2 bytes JMP 75aeb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077a01431 2 bytes JMP 75b69149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000077a0144a 2 bytes CALL 75ac4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000077a014dd 2 bytes JMP 75b68a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077a014f5 2 bytes JMP 75b68c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000077a0150d 2 bytes JMP 75b68938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077a01525 2 bytes JMP 75b68d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000077a0153d 2 bytes JMP 75adfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077a01555 2 bytes JMP 75ae6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000077a0156d 2 bytes JMP 75b69201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077a01585 2 bytes JMP 75b68d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000077a0159d 2 bytes JMP 75b688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000077a015b5 2 bytes JMP 75adfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000077a015cd 2 bytes JMP 75aeb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077a016b2 2 bytes JMP 75b690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe[3012]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077a016bd 2 bytes JMP 75b68891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077a01401 2 bytes JMP 75aeb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077a01419 2 bytes JMP 75aeb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077a01431 2 bytes JMP 75b69149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000077a0144a 2 bytes CALL 75ac4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000077a014dd 2 bytes JMP 75b68a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077a014f5 2 bytes JMP 75b68c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000077a0150d 2 bytes JMP 75b68938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077a01525 2 bytes JMP 75b68d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000077a0153d 2 bytes JMP 75adfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077a01555 2 bytes JMP 75ae6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000077a0156d 2 bytes JMP 75b69201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077a01585 2 bytes JMP 75b68d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000077a0159d 2 bytes JMP 75b688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000077a015b5 2 bytes JMP 75adfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000077a015cd 2 bytes JMP 75aeb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077a016b2 2 bytes JMP 75b690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe[2464]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077a016bd 2 bytes JMP 75b68891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077a01401 2 bytes JMP 75aeb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077a01419 2 bytes JMP 75aeb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077a01431 2 bytes JMP 75b69149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000077a0144a 2 bytes CALL 75ac4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000077a014dd 2 bytes JMP 75b68a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077a014f5 2 bytes JMP 75b68c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000077a0150d 2 bytes JMP 75b68938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077a01525 2 bytes JMP 75b68d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000077a0153d 2 bytes JMP 75adfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077a01555 2 bytes JMP 75ae6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000077a0156d 2 bytes JMP 75b69201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077a01585 2 bytes JMP 75b68d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000077a0159d 2 bytes JMP 75b688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000077a015b5 2 bytes JMP 75adfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000077a015cd 2 bytes JMP 75aeb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077a016b2 2 bytes JMP 75b690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[2652]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077a016bd 2 bytes JMP 75b68891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077a01401 2 bytes JMP 75aeb233 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077a01419 2 bytes JMP 75aeb35e C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077a01431 2 bytes JMP 75b69149 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000077a0144a 2 bytes CALL 75ac4885 C:\Windows\syswow64\KERNEL32.dll
.text  ...  * 9
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000077a014dd 2 bytes JMP 75b68a42 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077a014f5 2 bytes JMP 75b68c18 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000077a0150d 2 bytes JMP 75b68938 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077a01525 2 bytes JMP 75b68d02 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000077a0153d 2 bytes JMP 75adfcc0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077a01555 2 bytes JMP 75ae6907 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000077a0156d 2 bytes JMP 75b69201 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077a01585 2 bytes JMP 75b68d62 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000077a0159d 2 bytes JMP 75b688fc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000077a015b5 2 bytes JMP 75adfd59 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000077a015cd 2 bytes JMP 75aeb2f4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077a016b2 2 bytes JMP 75b690c4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4980]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077a016bd 2 bytes JMP 75b68891 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077a01401 2 bytes JMP 75aeb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077a01419 2 bytes JMP 75aeb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077a01431 2 bytes JMP 75b69149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000077a0144a 2 bytes CALL 75ac4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000077a014dd 2 bytes JMP 75b68a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077a014f5 2 bytes JMP 75b68c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000077a0150d 2 bytes JMP 75b68938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077a01525 2 bytes JMP 75b68d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000077a0153d 2 bytes JMP 75adfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077a01555 2 bytes JMP 75ae6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000077a0156d 2 bytes JMP 75b69201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077a01585 2 bytes JMP 75b68d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000077a0159d 2 bytes JMP 75b688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000077a015b5 2 bytes JMP 75adfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000077a015cd 2 bytes JMP 75aeb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077a016b2 2 bytes JMP 75b690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4416]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077a016bd 2 bytes JMP 75b68891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077a01401 2 bytes JMP 75aeb233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077a01419 2 bytes JMP 75aeb35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077a01431 2 bytes JMP 75b69149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  0000000077a0144a 2 bytes CALL 75ac4885 C:\Windows\syswow64\kernel32.dll
.text  ...  * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  0000000077a014dd 2 bytes JMP 75b68a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077a014f5 2 bytes JMP 75b68c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  0000000077a0150d 2 bytes JMP 75b68938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077a01525 2 bytes JMP 75b68d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  0000000077a0153d 2 bytes JMP 75adfcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077a01555 2 bytes JMP 75ae6907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  0000000077a0156d 2 bytes JMP 75b69201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077a01585 2 bytes JMP 75b68d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  0000000077a0159d 2 bytes JMP 75b688fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  0000000077a015b5 2 bytes JMP 75adfd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  0000000077a015cd 2 bytes JMP 75aeb2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077a016b2 2 bytes JMP 75b690c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5428]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077a016bd 2 bytes JMP 75b68891 C:\Windows\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]  [7fee719741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]  [7fee7195f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]  [7fee7195674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]  [7fee7195e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]  [7fee7197f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]  [7fee7196a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]  [7fee7196ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fee7197b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]  [7fee7197ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]  [7fee71978b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]  [7fee7194fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]  [7fee7195d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3428] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]  [7fee7197584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- EOF - GMER 2.2 ----