GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-29 09:51:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000076 INTEL___ rev.400i 111,79GB Running: 9pp9stsf.exe; Driver: C:\Users\Ann\AppData\Local\Temp\pxldipod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2440] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075608791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\Ann\AppData\Local\GG\Application\ggdrive\ggdrive.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AIMP2\AIMP2.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b11401 2 bytes JMP 7562b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b11419 2 bytes JMP 7562b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b11431 2 bytes JMP 756a9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b1144a 2 bytes CALL 756048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b114dd 2 bytes JMP 756a890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b114f5 2 bytes JMP 756a8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b1150d 2 bytes JMP 756a8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b11525 2 bytes JMP 756a8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b1153d 2 bytes JMP 7561fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b11555 2 bytes JMP 75626907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b1156d 2 bytes JMP 756a90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b11585 2 bytes JMP 756a8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b1159d 2 bytes JMP 756a87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b115b5 2 bytes JMP 7561fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b115cd 2 bytes JMP 7562b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b116b2 2 bytes JMP 756a8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ACD Systems\ACDSee Free\ACDSeeFreeInTouch2.exe[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b116bd 2 bytes JMP 756a8759 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef428741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef4285f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef4285674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef4285e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef4287f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef4286a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef4286ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef4287b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef4287ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef42878b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef4284fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef4285d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef4287584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1836] (GG drive overlay/GG Network S.A.)(2015-02-19 06:53:29) 000000005c080000 Library C:\Users\Ann\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1836] (GG drive menu/GG Network S.A.)(2014-12 000000005ff80000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [4428] (GG drive overlay/GG Network S.A.)(2015-02- 000000005c080000 ---- EOF - GMER 2.1 ----