GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-30 14:01:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.03.0 465,76GB
Running: eytf7unr.exe; Driver: C:\Users\Katrin\AppData\Local\Temp\awrdapog.sys

---- User code sections - GMER 2.1 ----

? C:\windows\system32\mssprxy.dll [2200] entry point in ".rdata" section 0000000072a371e6
.text C:\windows\system32\Dwm.exe[2964] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3c00b8
.text C:\windows\system32\Dwm.exe[2964] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffe51f8}
.text C:\windows\system32\Dwm.exe[2964] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3c0038
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2384] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3b00b8
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffd51f8}
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3b0038
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff6274a0 5 bytes JMP 000007fffd3b0138
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\WINMM.dll!waveOutReset 000007fef9d2a38c 5 bytes JMP 000007fefd3b02b8
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\WINMM.dll!waveOutPause 000007fef9d44b60 5 bytes JMP 000007fefd3b0238
.text C:\windows\system32\taskhost.exe[3832] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef9d44ba0 5 bytes JMP 000007fefd3b01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000772f64a0 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3c00b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffe51f8}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3c0038
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\WINMM.dll!waveOutReset 000007fef9d2a38c 5 bytes JMP 000007fefd3c02b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\WINMM.dll!waveOutPause 000007fef9d44b60 5 bytes JMP 000007fefd3c0238
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef9d44ba0 5 bytes JMP 000007fefd3c01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3448] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff6274a0 5 bytes JMP 000007fffd3c0138
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000772f64a0 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3c00b8
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffe51f8}
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3c0038
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff6274a0 5 bytes JMP 000007fffd3c0138
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\WINMM.dll!waveOutReset 000007fef9d2a38c 5 bytes JMP 000007fefd3c02b8
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\WINMM.dll!waveOutPause 000007fef9d44b60 5 bytes JMP 000007fefd3c0238
.text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4220] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef9d44ba0 5 bytes JMP 000007fefd3c01b8
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4664] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4712] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000102392710
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4712] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001023927f0
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4712] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000102392780
.text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[4712] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000102392850
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Bamboo Dock\BambooCore.exe[4852] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4892] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000110002850
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\Users\Katrin\AppData\Local\lsass.exe[4944] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000103772710
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001037727f0
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000103772780
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000103772850
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5036] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[1640] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[1640] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[1640] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[1640] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000110002850
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\RunDll32.exe[5124] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000772f64a0 5 bytes JMP 0000000169ff0038
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3c00b8
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffe51f8}
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3c0038
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff6274a0 5 bytes JMP 000007fffd3c0138
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\WINMM.dll!waveOutReset 000007fef9d2a38c 5 bytes JMP 000007fefd3c02b8
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\WINMM.dll!waveOutPause 000007fef9d44b60 5 bytes JMP 000007fefd3c0238
.text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5132] C:\windows\system32\WINMM.dll!waveOutRestart 000007fef9d44ba0 5 bytes JMP 000007fefd3c01b8
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5292] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5292] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0
.text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[5292] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] 
C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[5576] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 
bytes JMP 0000000110002850 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] 
C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[5696] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] 
C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5936] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wbem\unsecapp.exe[5540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3c00b8 .text C:\windows\system32\wbem\unsecapp.exe[5540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\windows\system32\wbem\unsecapp.exe[5540] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3c0038 .text C:\windows\system32\wbem\unsecapp.exe[5540] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff6274a0 5 bytes JMP 000007fffd3c0138 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000755a48cb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000755a48e3 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000755a4915 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop 
Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076b49d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe[4532] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5912] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\RtLED\RtLED.exe[2520] C:\windows\system32\kernel32.dll!LoadLibraryW 00000000772f64a0 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\RtLED\RtLED.exe[2520] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3daec0 1 byte JMP 000007fffd3c00b8 .text C:\Program Files\Realtek\RtLED\RtLED.exe[2520] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd3daec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\RtLED\RtLED.exe[2520] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd3dca30 5 bytes JMP 000007fffd3c0038 .text C:\Program Files\Realtek\RtLED\RtLED.exe[2520] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff6274a0 5 bytes JMP 000007fffd3c0138 .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d11401 2 bytes JMP 755cb21b C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d11419 2 bytes JMP 755cb346 C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d11431 2 bytes JMP 75648fd1 C:\windows\syswow64\kernel32.dll .text 
C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d1144a 2 bytes CALL 755a489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d114dd 2 bytes JMP 756488c4 C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d114f5 2 bytes JMP 75648aa0 C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d1150d 2 bytes JMP 756487ba C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d11525 2 bytes JMP 75648b8a C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d1153d 2 bytes JMP 755bfca8 C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d11555 2 bytes JMP 755c68ef C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d1156d 2 bytes JMP 75649089 C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d11585 2 bytes JMP 75648bea C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d1159d 2 bytes JMP 7564877e C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d115b5 2 bytes JMP 755bfd41 C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] 
C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d115cd 2 bytes JMP 755cb2dc C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d116b2 2 bytes JMP 75648f4c C:\windows\syswow64\kernel32.dll .text C:\Users\Katrin\Downloads\Defogger.exe[720] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d116bd 2 bytes JMP 75648713 C:\windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Process C:\Users\Katrin\AppData\Local\winlogon.exe (*** suspicious ***) @ C:\Users\Katrin\AppData\Local\winlogon.exe [4572](2013-02-06 14:19:10) 0000000000400000 Process C:\Users\Katrin\AppData\Local\services.exe (*** suspicious ***) @ C:\Users\Katrin\AppData\Local\services.exe [4836](2013-02-06 14:19:10) 0000000000400000 Process C:\Users\Katrin\AppData\Local\lsass.exe (*** suspicious ***) @ C:\Users\Katrin\AppData\Local\lsass.exe [4944](2013-02-06 14:19:10) 0000000000400000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e93e00 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e93e00@6cb7f449881b 0x14 0xC6 0xDC 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78e93e00@300d43dc8fe8 0x59 0xDB 0xCC 0xBF ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e93e00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e93e00@6cb7f449881b 0x14 0xC6 0xDC 0x7E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78e93e00@300d43dc8fe8 0x59 0xDB 0xCC 0xBF ... ---- Files - GMER 2.1 ---- File C:\Users\Katrin\AppData\Local\Update.12.Bron.Tok.bin 41476 bytes ---- EOF - GMER 2.1 ----