GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-31 14:53:29 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: gmer.exe; Driver: C:\Users\Janek\AppData\Local\Temp\kwddyaog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\user32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe[2468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[3772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LockKey\LockKey.exe[4836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4944] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[5072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000768c2a62 5 bytes JMP 0000000172675820 .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075621401 2 bytes JMP 76afeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075621419 2 bytes JMP 76b0b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075621431 2 bytes JMP 76b88609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007562144a 2 bytes CALL 76ae1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000756214dd 2 bytes JMP 76b87efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000756214f5 2 bytes JMP 76b880d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007562150d 2 bytes JMP 76b87df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075621525 2 bytes JMP 76b881c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007562153d 2 bytes JMP 76aff088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075621555 2 bytes JMP 76b0b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007562156d 2 bytes JMP 76b886c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075621585 2 bytes JMP 76b88222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007562159d 2 bytes JMP 76b87db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000756215b5 2 bytes JMP 76aff121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000756215cd 2 bytes JMP 76b0b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000756216b2 2 bytes JMP 76b88584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Janek\Downloads\gmer\gmer.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000756216bd 2 bytes JMP 76b87d4d C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2324:3416] 000007fef3b99688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0143dd48080 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0143dd48080@00020235439f 0xAA 0xDA 0x33 0x77 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0143dd48080@08d42b9f8e2e 0x11 0xCF 0x38 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???z????????????????????*6to4mp??????z???????????????????0???????????????|?|?|??v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|????????????????????????????????????????????????????????????????????{???s?s?{?|?|??????????????????1-15-2012???????t???????????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|??????????z??????????????????e???? ???z???????????????????????#?????????????????????????e????????????????????????P?????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ???ze???Microsoft???????????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|????????z???????????????????????????z??????????????????????? ??????????????P????????z?????????e??????8??|????????h?????????????????t?????d??|?????????e?????????????????????????????????????????????????????????????????????????????z??????????????v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|??????????z???????????????????????????z??????????????????e???? ???z???????????????????????????z??????????????????????????????t???v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|????!???z????????????????????e??????????z???????????????????????????z??????????????????e?? Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ???o????SCSI Miniport???????????????.0??Intel AHCI Controller????????????r?????>??r??????????????%SystemRoot%\System32\umpo.dll???????r??????????????????????? ???????q???????????r???????? ?F?????????????????F??r????????????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???i?i??PnP Filter??????????????????????????????g????????????o??tp???????i???:???:??NDIS?0???????????????????????0??0???%SystemRoot%\System32\srvsvc.dll????????????????t?????r??s?????????e????????????Network????????????????j?j???{?{????????????????????????????Network?????????????????t????????i???s??ep??Network?????????????????t???Video????????i???????2??mrxsmb???????????i??????p????i?i?i???????????????????v?v?v??Extended Base?????P??u?????????e????rdbss???????NDIS?~??system32\DRIVERS\HECIx64.sys?????s?x?y??Base?????????i???2???????z?{?{?????????????g?????? ??i??????????????????????????????????????????Base?#???????????????n???????????????????????????i????????hn????Network??????????i?????????e????????????????????t????i??????????????DETECTEDInternal\ACPI_HAL?DETECTED\ACPI_HAL?????USB?????hal.inf:GENDEV_SYS.NTamd64:ACPI_AMD64_HAL:6.1.7600.16385:acpiapic????????????????????????????????????????i???????????????????????????????i???????????????????????????????i???????3??6.1.7600.16385?0.1????????????????????$??i????? Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???j?j???{?{????????????????????????????Network?????????????????t????????i???s??ep??Network?????????????????t???Video????????i???????2??mrxsmb???????????i??????p????i?i?i???????????????????v?v?v??Extended Base?????P??u?????????e????rdbss???????NDIS?~??system32\DRIVERS\HECIx64.sys?????s?x?y??Base?????????i???2???????z?{?{?????????????g?????? ??i??????????????????????????????????????????Base?#???????????????n???????????????????????????i????????hn????Network??????????i?????????e????????????????????t????i??????????????DETECTEDInternal\ACPI_HAL?DETECTED\ACPI_HAL?????USB?????hal.inf:GENDEV_SYS.NTamd64:ACPI_AMD64_HAL:6.1.7600.16385:acpiapic????????????????????????????????????????i???????????????????????????????i???????????????????????????????i???????3??6.1.7600.16385?0.1????????????????????$??i???????3??ACPI x64-based PC????i?iAC???????i???3??????hal.inf??????i?i?i???????????????????????i???3??????ACPI_AMD64_HAL?HAL???i?i?i???????????????????????i??????????acpiapic?????i?i?i???????????????????????i??????????Microso Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???j?j???j??Microsoft????k?k?????????????????????????j?j?j?j????????LegacyDriver?????j??System?exe??LegacyDriver?????????j???.??s????j?j?j????N??j????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}?CC0??? b??????D?????7-0???????????}???~???j???????????.????????????????????????????????N??j????????D?????Ndi-Mp-Bh???{71a27cdd-812a-11d0-bec7-08002be2092f}?325???j???????????????????????j???8??s ???????????????????????????????????????j?j?j???????????????????????????j???e??s0??????????root\swenum??e????N??k????????D?{4????N??k???e????D6)\??????se?????????????????s????System???-????N??j????????D?????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? ???j??????????????Microsoft????????????.???????????j???j?j?j??????????????????????? ???j???T?????VD-???k?k?????????i???s???e??swenum???????j?j?j???????????D?????s\a??ROOT\vdrvroot??___??{8ECC055D-047F-11D1-A537-0000F8753ED1}????????N???????????D?????? `????????????????????????????????s?????????????0???{??????????????????? ???????j?????j?????j????????????*? ???????O?????????? ---- EOF - GMER 2.1 ----