GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-22 22:46:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 ADAT___ rev.O080 223,57GB
Running: p6rudrvm.exe; Driver: C:\Users\DUMSI~1\AppData\Local\Temp\uwrdrpob.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[872] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076f09010 4 bytes [C3, 00, 00, 00]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c91401 2 bytes JMP 7623b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c91419 2 bytes JMP 7623b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c91431 2 bytes JMP 762b90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c9144a 2 bytes CALL 762148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c914dd 2 bytes JMP 762b89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c914f5 2 bytes JMP 762b8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c9150d 2 bytes JMP 762b88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c91525 2 bytes JMP 762b8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c9153d 2 bytes JMP 7622fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c91555 2 bytes JMP 76236937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c9156d 2 bytes JMP 762b91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c91585 2 bytes JMP 762b8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c9159d 2 bytes JMP 762b88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c915b5 2 bytes JMP 7622fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c915cd 2 bytes JMP 7623b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c916b2 2 bytes JMP 762b906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c916bd 2 bytes JMP 762b8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c91401 2 bytes JMP 7623b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c91419 2 bytes JMP 7623b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c91431 2 bytes JMP 762b90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c9144a 2 bytes CALL 762148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c914dd 2 bytes JMP 762b89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c914f5 2 bytes JMP 762b8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c9150d 2 bytes JMP 762b88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c91525 2 bytes JMP 762b8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c9153d 2 bytes JMP 7622fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c91555 2 bytes JMP 76236937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c9156d 2 bytes JMP 762b91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c91585 2 bytes JMP 762b8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c9159d 2 bytes JMP 762b88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c915b5 2 bytes JMP 7622fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c915cd 2 bytes JMP 7623b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c916b2 2 bytes JMP 762b906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c916bd 2 bytes JMP 762b8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074bb2bdc 5 bytes JMP 0000000000e28c60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c91401 2 bytes JMP 7623b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c91419 2 bytes JMP 7623b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c91431 2 bytes JMP 762b90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c9144a 2 bytes CALL 762148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c914dd 2 bytes JMP 762b89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c914f5 2 bytes JMP 762b8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c9150d 2 bytes JMP 762b88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c91525 2 bytes JMP 762b8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c9153d 2 bytes JMP 7622fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c91555 2 bytes JMP 76236937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c9156d 2 bytes JMP 762b91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c91585 2 bytes JMP 762b8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c9159d 2 bytes JMP 762b88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c915b5 2 bytes JMP 7622fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c915cd 2 bytes JMP 7623b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c916b2 2 bytes JMP 762b906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c916bd 2 bytes JMP 762b8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c91401 2 bytes JMP 7623b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c91419 2 bytes JMP 7623b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c91431 2 bytes JMP 762b90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c9144a 2 bytes CALL 762148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c914dd 2 bytes JMP 762b89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c914f5 2 bytes JMP 762b8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c9150d 2 bytes JMP 762b88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c91525 2 bytes JMP 762b8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c9153d 2 bytes JMP 7622fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c91555 2 bytes JMP 76236937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c9156d 2 bytes JMP 762b91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c91585 2 bytes JMP 762b8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c9159d 2 bytes JMP 762b88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c915b5 2 bytes JMP 7622fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c915cd 2 bytes JMP 7623b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c916b2 2 bytes JMP 762b906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[1360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c916bd 2 bytes JMP 762b8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c91401 2 bytes JMP 7623b263 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c91419 2 bytes JMP 7623b38e C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c91431 2 bytes JMP 762b90f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c9144a 2 bytes CALL 762148ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c914dd 2 bytes JMP 762b89ea C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c914f5 2 bytes JMP 762b8bc0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c9150d 2 bytes JMP 762b88e0 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c91525 2 bytes JMP 762b8caa C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c9153d 2 bytes JMP 7622fce8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c91555 2 bytes JMP 76236937 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c9156d 2 bytes JMP 762b91a9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c91585 2 bytes JMP 762b8d0a C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c9159d 2 bytes JMP 762b88a4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c915b5 2 bytes JMP 7622fd81 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c915cd 2 bytes JMP 7623b324 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c916b2 2 bytes JMP 762b906c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c916bd 2 bytes JMP 762b8839 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c91401 2 bytes JMP 7623b263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c91419 2 bytes JMP 7623b38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c91431 2 bytes JMP 762b90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c9144a 2 bytes CALL 762148ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c914dd 2 bytes JMP 762b89ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c914f5 2 bytes JMP 762b8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c9150d 2 bytes JMP 762b88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c91525 2 bytes JMP 762b8caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c9153d 2 bytes JMP 7622fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c91555 2 bytes JMP 76236937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c9156d 2 bytes JMP 762b91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c91585 2 bytes JMP 762b8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c9159d 2 bytes JMP 762b88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c915b5 2 bytes JMP 7622fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c915cd 2 bytes JMP 7623b324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c916b2 2 bytes JMP 762b906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c916bd 2 bytes JMP 762b8839 C:\Windows\syswow64\kernel32.dll

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 2.2 ----