GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-10-29 12:12:23 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PB4Z 465,76GB Running: e9qx5osq.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwddykog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB Camera2\VM332_STI.EXE[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ba1e12 5 bytes JMP 0000000173d043d0 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ba4bc6 5 bytes JMP 0000000173d04200 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075ba1e12 5 bytes JMP 0000000173d043d0 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075ba4bc6 5 bytes JMP 0000000173d04200 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2420] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075bad03c 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IB Updater\ExtensionUpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\mjcm\dnkt.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\schtasks.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe[4020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\KERNEL32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe[264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075942a62 5 bytes JMP 0000000173cf7440 .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e71401 2 bytes JMP 75bbeb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e71419 2 bytes JMP 75bcb513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e71431 2 bytes JMP 75c48609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e7144a 2 bytes CALL 75ba1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e714dd 2 bytes JMP 75c47efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e714f5 2 bytes JMP 75c480d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e7150d 2 bytes JMP 75c47df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e71525 2 bytes JMP 75c481c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e7153d 2 bytes JMP 75bbf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e71555 2 bytes JMP 75bcb885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e7156d 2 bytes JMP 75c486c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e71585 2 bytes JMP 75c48222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e7159d 2 bytes JMP 75c47db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e715b5 2 bytes JMP 75bbf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e715cd 2 bytes JMP 75bcb29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e716b2 2 bytes JMP 75c48584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Desktop\e9qx5osq.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e716bd 2 bytes JMP 75c47d4d C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeleteValueKey] [7fefd690fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtCreateKey] [7fefd691820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtSetValueKey] [7fefd60f3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtQueryKey] [7fefd690ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtDeleteKey] [7fefd60ef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\kernel32.dll[ntdll.dll!NtOpenKeyEx] [7fefd6913d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateKey] [7fefd691820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtSetValueKey] [7fefd60f3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeleteKey] [7fefd60ef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeleteValueKey] [7fefd690fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtQueryKey] [7fefd690ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtCreateKey] [7fefd691820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtSetValueKey] [7fefd60f3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtDeleteKey] [7fefd60ef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtOpenKeyEx] [7fefd6913d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\RPCRT4.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\GDI32.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtCreateKey] [7fefd691820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtSetValueKey] [7fefd60f3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[ntdll.dll!NtDeleteValueKey] [7fefd690fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\LPK.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHELL32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHELL32.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwCreateKey] [7fefd691820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwDeleteValueKey] [7fefd690fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwDeleteKey] [7fefd60ef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!ZwClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[ntdll.dll!NtQueryKey] [7fefd690ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EXPLORERFRAME.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUser.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUI70.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUI70.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\IMM32.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\IMM32.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MSCTF.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\UxTheme.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\UxTheme.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\POWRPROF.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\slc.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\slc.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\gdiplus.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\gdiplus.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_2b4f45e87195fcc4\gdiplus.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\Secur32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SSPICLI.DLL[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WS2_32.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\imagehlp.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtQueryKey] [7fefd690ba0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtDeleteValueKey] [7fefd690fc0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtCreateKey] [7fefd691820] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtSetValueKey] [7fefd60f3d0] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtDeleteKey] [7fefd60ef60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtQueryValueKey] [7fefd60f860] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[ntdll.dll!NtOpenKey] [7fefd60e770] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\cscui.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\cscui.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\cscui.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\cscui.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\CSCAPI.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ntshrui.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ntshrui.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SndVolSSO.DLL[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SndVolSSO.DLL[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\netutils.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\urlmon.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\urlmon.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\msi.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\msi.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\msi.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\msi.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\WINSTA.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\WINSTA.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINMM.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINMM.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\OLEACC.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\OLEACC.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\OLEACC.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\OLEACC.dll[KERNEL32.dll!LoadLibraryExW] [7fefd60ca70] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\System32\OLEACC.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MsftEdit.dll[KERNEL32.dll!LoadLibraryA] [7fefd60d670] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MsftEdit.dll[USER32.dll!SendMessageW] [7fefd60e340] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\MsftEdit.dll[USER32.dll!PostMessageW] [7fefd60df20] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\wkscli.dll[ntdll.dll!NtClose] [7fefd60eb60] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryExA] [7fefd60ce80] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\system32\SXS.DLL[KERNEL32.dll!LoadLibraryW] [7fefd60d280] c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\rundll32.exe [4728:4228] 0000000002574c20 ---- Processes - GMER 2.1 ---- Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [544](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [612](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [628](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [732](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [804](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [848](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [944](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [992](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [308](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [688](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1072](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1176](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1292](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1416](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1584](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1592](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1688](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [1868](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [1892](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2040](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\hkcmd.exe [1232](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\igfxpers.exe [1780](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1756](201 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [1964](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [1928](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\ESET\ESET Smart Security\egui.exe [368](2013-11-21 08:48:40) 000007fefd590000 Process C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe (*** suspicious ***) @ C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [2052] ( /Pay By Ads LTD)(2014-10-28 13:54:17) 0000000001190000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Users\Tomek\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [2052](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2124](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [2192](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2252](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2260](2013-11-21 08:48:40) 0000000073cf0000 Process C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (*** suspicious ***) @ C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2276](2013-11-21 08:48:40) 0000000001290000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2276](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [2284](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\schtasks.exe [2336](2013-11-21 08:48:40) 0000000073cf0000 Process C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (*** suspicious ***) @ C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2356](2013-11-21 08:48:40) 0000000001290000 Library C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (*** suspicious ***) @ C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2356](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\conhost.exe [2372](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2420](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2512](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2656](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\dmwu.exe [2704](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2816](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2840](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\wbem\wmiprvse.exe [3464](2013-11-21 08:48:40 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\mjcm\dnkt.exe [3576](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\System32\tprb\dnkt.exe [3584](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [3652](2013-11-21 08:48:40 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [4044](2013-11-21 08:48:40) 000007fefd590000 Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E81ABF2-EFCB-4DF1-B130-3F54B9F57D16}\mpengine.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4004] (Microsoft Malware Protection Engine/Microsoft Corporation)(2011-10-10 14:03:15) 000007fef3f30000 Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E81ABF2-EFCB-4DF1-B130-3F54B9F57D16}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4004] (Offline registry DLL/Microsoft Corporation)(2014-10-29 10:16:01) 000007fef3f10000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4072](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\schtasks.exe [4272](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\conhost.exe [4280](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [4720](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [3720](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4868](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [3872](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [1468](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe [4676](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\conhost.exe [1128](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [4728](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe [4020](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter64.exe [3728](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BOASHelper.exe [2796](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [4612](2013-11-21 08:48:40) 0000000073cf0000 Process C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe (*** suspicious ***) @ C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe [264](2014-10-28 23:57:30) 0000000000cb0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe [264](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [2184](2013-11-21 08:48:40) 0000000073cf0000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [4980](2013-11-21 08:48:40) 000007fefd590000 Library c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll (*** suspicious ***) @ C:\Users\Tomek\Desktop\e9qx5osq.exe [2504](2013-11-21 08:48:40 0000000073cf0000 ---- EOF - GMER 2.1 ----