GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-20 23:22:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f SK rev.1010 238,47GB
Running: s6ugwy6g.exe; Driver: C:\Users\Pafeu\AppData\Local\Temp\uxldipob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075cb8781 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 
Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2024] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 
bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 
00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe[2608] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 
00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[4280] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 
eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d 
C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam 
Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\rundll32.exe[4180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075011401 2 bytes JMP 75cdb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075011419 2 bytes JMP 75cdb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075011431 2 bytes JMP 75d58f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007501144a 2 bytes CALL 75cb489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750114dd 2 bytes JMP 75d58822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750114f5 2 bytes JMP 75d589f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007501150d 2 bytes JMP 75d58718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075011525 2 bytes JMP 75d58ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007501153d 2 bytes JMP 75ccfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075011555 2 bytes JMP 75cd68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007501156d 2 bytes JMP 75d58fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075011585 2 bytes JMP 75d58b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007501159d 2 bytes JMP 75d586dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750115b5 2 bytes JMP 75ccfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750115cd 2 bytes JMP 75cdb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750116b2 2 bytes JMP 75d58ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750116bd 2 bytes JMP 75d58671 C:\Windows\syswow64\kernel32.dll

---- Processes - GMER 2.1 ----

Process C:\PROGRA~3\ASGVIS\DONGLE~1\STARTV~1.EXE (*** suspicious ***) @ C:\PROGRA~3\ASGVIS\DONGLE~1\STARTV~1.EXE [2552](2015-07-20 10:25:01) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\acfdce254553
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\acfdce254553 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Pafeu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD Civil 3D 2010 - Polski\AutoCAD Civil 3D 2010 \x2014 calowe.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD Civil 3D 2010 - Polski\AutoCAD Civil 3D 2010 \x2014 calowe.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Pafeu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD Civil 3D 2010 - Polski\AutoCAD Civil 3D 2010 \x2014 metryczne.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD Civil 3D 2010 - Polski\AutoCAD Civil 3D 2010 \x2014 metryczne.lnk 1

---- EOF - GMER 2.1 ----