GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-07 19:13:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 Samsung_SSD_850_PRO_256GB rev.EXM02B6Q 238,47GB
Running: 201rkkht.exe; Driver: C:\Users\ROMI\AppData\Local\Temp\uwrdrpog.sys

---- Kernel code sections - GMER 2.2 ----

PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff880013694a0 12 bytes {MOV RAX, 0xfffffa80036a22a0; JMP RAX}
.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88005828d8c 12 bytes {MOV RAX, 0xfffffa8004fc32a0; JMP RAX}

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text 
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[1940] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] 
C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2548] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 
C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.Service.exe[3364] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\KazooServer\KazooServer.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075332bdc 5 bytes JMP 0000000000b58c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common 
Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet 
Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[5920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe[6044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Linn\Songcast\Songcast.exe[6052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[5504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher 0000000077540134 5 bytes JMP 00000000001d0c04 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077540480 5 bytes JMP 00000000001d09e8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000775405a8 5 bytes JMP 00000000001d08da .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007754076c 5 bytes JMP 00000000001d028c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000775408fc 5 bytes JMP 00000000001d05b2 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077540990 5 bytes JMP 00000000001c0e1e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077540a0c 2 bytes JMP 00000000001d0af6 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 3 0000000077540a0f 2 bytes [C9, 88] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 000000007754116c 5 bytes JMP 00000000001d0070 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000775411fc 5 bytes JMP 00000000001d017e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077541274 5 bytes JMP 00000000001c0d10 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!RtlInitializeHandleTable + 432 0000000077562c3d 7 bytes JMP 00000000001c0f2c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\SysWOW64\ntdll.dll!RtlGetFrame + 245 00000000775bfe6f 7 bytes JMP 00000000001d06c0 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA + 568 00000000766b1038 7 bytes JMP 00000000001a06c0 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!CreateProcessW + 48 00000000766b106d 7 bytes JMP 00000000001b07ce .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19 00000000766b182d 7 bytes JMP 00000000001a04a4 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!DuplicateHandle + 102 00000000766b18c8 7 bytes JMP 00000000001a05b2 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!MapViewOfFile + 19 00000000766b18e0 7 bytes JMP 00000000001b09ea .text C:\Program Files 
(x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!ReadFile + 132 00000000766b3f17 7 bytes JMP 00000000001a017e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 00000000766b4322 7 bytes JMP 00000000001a0af8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!DisableThreadLibraryCalls + 41 00000000766b48d6 7 bytes JMP 00000000001b017e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA + 19 00000000766b48ee 7 bytes JMP 00000000001a0e1e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!GetModuleFileNameW + 8 00000000766b4920 7 bytes JMP 00000000001a09ea .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!GetSystemInfo + 8 00000000766b499a 7 bytes JMP 00000000001b039a .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81 00000000766b49f0 7 bytes JMP 00000000001a0d10 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!CreateMutexA + 19 00000000766b4c46 7 bytes JMP 00000000001b0070 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 00000000766b5389 7 bytes JMP 00000000001b028c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!FindNextFileW + 19 00000000766b54c9 7 bytes JMP 00000000001b08dc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000766b8791 5 bytes JMP 0000000053a350c3 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] 
C:\Windows\syswow64\kernel32.dll!OpenFile + 435 00000000766ca4ca 7 bytes JMP 00000000001a0396 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!SetProcessPriorityBoost + 48 00000000766cd9bb 7 bytes JMP 00000000001b04a8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19 00000000766cd9eb 7 bytes JMP 00000000001a0c02 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 00000000766ceba5 7 bytes JMP 00000000001b06c4 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!SetMessageWaitingIndicator + 200 00000000767331f4 7 bytes JMP 00000000001a0f2c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!CreatePipe + 11 00000000767348ae 7 bytes JMP 00000000001a07ce .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\kernel32.dll!VirtualAllocExNuma + 11 0000000076734d02 7 bytes JMP 00000000001b05b6 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileMappingNumaW 000000007532e81c 5 bytes JMP 00000000001b0d14 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileMappingW 000000007532e94b 5 bytes JMP 00000000001c04a4 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!MapViewOfFile 000000007532ec51 5 bytes JMP 00000000001c05b2 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!MapViewOfFileEx 000000007532ecea 5 bytes JMP 00000000001c0070 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 
000000007532edc6 5 bytes JMP 00000000001c09ea .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!VirtualProtectEx 000000007532efbf 5 bytes JMP 00000000001c039a .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!VirtualAllocEx 000000007532f088 5 bytes JMP 00000000001c06c0 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!VirtualProtect 000000007532f0e6 5 bytes JMP 00000000001b0f2c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!VirtualAlloc 000000007532f125 5 bytes JMP 00000000001b0c06 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075332e40 5 bytes JMP 00000000001c0af8 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075333fdf 5 bytes JMP 00000000001c08dc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075335610 5 bytes JMP 00000000001c07ce .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileW 000000007533c40d 5 bytes JMP 00000000001c028c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000756e6113 5 bytes JMP 00000000544f672c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000769e3e59 5 bytes JMP 0000000053a60e0b .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000769e3eae 5 bytes JMP 0000000053a6b29f .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] 
C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000769e4731 5 bytes JMP 0000000053ac005c .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000769e5dee 5 bytes JMP 0000000053a9f81e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileA + 331 0000000076b2ceeb 7 bytes JMP 00000000001d0f2a ? C:\Windows\system32\mssprxy.dll [10188] entry point in ".rdata" section 00000000598871e6 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c31401 2 bytes JMP 766db263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c31419 2 bytes JMP 766db38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c31431 2 bytes JMP 767590f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c3144a 2 bytes CALL 766b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c314dd 2 bytes JMP 767589ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c314f5 2 bytes JMP 76758bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c3150d 2 bytes JMP 767588e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c31525 2 bytes JMP 76758caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c3153d 2 bytes JMP 766cfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c31555 2 bytes JMP 766d6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c3156d 2 bytes JMP 767591a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c31585 2 bytes JMP 76758d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c3159d 2 bytes JMP 767588a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c315b5 2 bytes JMP 766cfd81 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c315cd 2 bytes JMP 766db324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c316b2 2 bytes JMP 7675906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c316bd 2 bytes JMP 76758839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[10188] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1045\MSMAPI32.DLL!HrDispatchNotifications@4 + 112 000000006d3e1b80 4 bytes [9B, DE, 4A, 33]

---- Kernel IAT/EAT - GMER 2.2 ----
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001098f1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001098cc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800109969c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001099a98] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010998f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- User IAT/EAT - GMER 2.2 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7feefdd741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7feefdd5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7feefdd5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7feefdd5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7feefdd7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7feefdd6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7feefdd6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7feefdd7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7feefdd7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7feefdd78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7feefdd4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7feefdd5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3236] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7feefdd7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Devices - GMER 2.2 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdePort4 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdePort5 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa800394b2c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa800394b2c0
Device \Driver\JRAID \Device\Scsi\JRAID1Port0Path0Target0Lun0 fffffa800394d2c0
Device \Driver\JRAID \Device\Scsi\JRAID1Port0Path0Target1Lun0 fffffa800394d2c0
Device \Driver\JRAID \Device\Scsi\JRAID1 fffffa800394d2c0
Device \Driver\a56fdwrl \Device\Scsi\a56fdwrl1 fffffa80050202c0
Device \FileSystem\Ntfs \Ntfs fffffa80039532c0
Device \FileSystem\fastfat \Fat fffffa80077862c0
Device \Driver\a56fdwrl \Device\ScsiPort7 fffffa80050202c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8004fc52c0
Device \Driver\cdrom \Device\CdRom0 fffffa80044912c0
Device \Driver\cdrom \Device\CdRom1 fffffa80044912c0
Device \Driver\cdrom \Device\CdRom2 fffffa80044912c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8004fc52c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{8357934B-E6AB-4241-868C-F34F56A7173C} fffffa80044ab2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8004fc52c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80044ab2c0
Device \Driver\JRAID \Device\ScsiPort0 fffffa800394d2c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8004fc52c0
Device \Driver\atapi \Device\ScsiPort1 fffffa800394b2c0
Device \Driver\atapi \Device\ScsiPort2 fffffa800394b2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{10D55A14-5D2B-4F16-B226-08450D80FEBC} fffffa80044ab2c0
Device \Driver\atapi \Device\ScsiPort3 fffffa800394b2c0
Device \Driver\atapi \Device\ScsiPort4 fffffa800394b2c0
Device \Driver\atapi \Device\ScsiPort5 fffffa800394b2c0
Device \Driver\atapi \Device\ScsiPort6 fffffa800394b2c0

---- Trace I/O - GMER 2.2 ----
Trace ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys >>UNKNOWN [0xfffffa800394b2c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa800394b2c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041ae060] fffffa80041ae060
Trace 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa80040b3850] fffffa80040b3850
Trace 5 vsflt67.sys[fffff88000ee77cd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8003f6f060] fffffa8003f6f060
Trace \Driver\atapi[0xfffffa8003e012d0] -> IRP_MJ_CREATE -> 0xfffffa800394b2c0 fffffa800394b2c0

---- Modules - GMER 2.2 ----
Module \SystemRoot\System32\Drivers\a56fdwrl.SYS fffff88005ae1000-fffff88005b2d000 (311296 bytes)

---- Threads - GMER 2.2 ----
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2636] 0000000077571fd7
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2648] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2652] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2656] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2660] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2664] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2708] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2712] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2740] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2744] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2748] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2752] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2768] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2772] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2788] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2792] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2796] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2804] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2808] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2812] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2816] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2840] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2876] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2964] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2968] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2972] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:2976] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:3040] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:3112] 0000000077578418
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:3244] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:3492] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:5236] 0000000077578418
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:10120] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:10932] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:10776] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:10500] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:8520] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:7540] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:9904] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:7424] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:10336] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:9980] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:10604] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:1792] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:8964] 00000000728529e1
Thread C:\PCMDataBases\MSSQL10.PCMSERVER\MSSQL\Binn\sqlservr.exe [2592:7380] 00000000728529e1

---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7E 0x9D 0x9F 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3D 0x41 0x2A 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3C 0x3C 0xBB 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA7 0x51 0x25 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0x1C 0x9C 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x22 0x46 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD2 0x40 0xD9 0x75 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice@Progid ACDSee Pro 6.032
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice@Progid ACDSee Pro 6.abr
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice@Progid ACDSee Pro 6.ani
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice@Progid ACDSee Pro 6.apd
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice@Progid ACDSee Pro 6.arw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b64\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b64\UserChoice@Progid ACDSee Pro 3.b64
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice@Progid ACDSee Pro 6.bay
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice@Progid ACDSee Pro 5.bw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bz2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bz2\UserChoice@Progid ACDSee Pro 3.bz2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cbr\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cbr\UserChoice@Progid ACDSee Pro 3.cbr
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cbz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cbz\UserChoice@Progid ACDSee Pro 3.cbz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice@Progid ACDSee Pro 6.cs1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice@Progid ACDSee Pro 6.cur
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice@Progid ACDSee Pro 6.dcx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice@Progid ACDSee Pro 6.djv
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice@Progid ACDSee Pro 6.djvu
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice@Progid ACDSee Pro 6.eps
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice@Progid ACDSee Pro 6.fff
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice@Progid ACDSee Pro 5.fpx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gz\UserChoice@Progid ACDSee Pro 3.gz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice@Progid ACDSee Pro 6.icl
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice@Progid ACDSee Pro 6.icn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice@Progid ACDSee Pro 5.iff
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice@Progid ACDSee Pro 5.ilbm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice@Progid ACDSee Pro 5.int
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice@Progid ACDSee Pro 5.inta
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice@Progid ACDSee Pro 6.iw4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice@Progid ACDSee Pro 6.j2c
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice@Progid ACDSee Pro 6.j2k
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice@Progid ACDSee Pro 6.jbr
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice@Progid ACDSee Pro 6.jif
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice@Progid ACDSee Pro 6.jp2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice@Progid ACDSee Pro 6.jpc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice@Progid ACDSee Pro 6.jpk
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice@Progid ACDSee Pro 6.jpx
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice@Progid ACDSee Pro 6.kdc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice@Progid ACDSee Pro 5.lbm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice@Progid ACDSee Pro 6.mef
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mim\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mim\UserChoice@Progid ACDSee Pro 3.mim
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mme\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mme\UserChoice@Progid ACDSee Pro 3.mme
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice@Progid ACDSee Pro 6.nrw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice@Progid ACDSee Pro 6.pbr
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice@Progid ACDSee Pro 6.pct
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice@Progid ACDSee Pro 5.pgm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice@Progid ACDSee Pro 6.pic
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice@Progid ACDSee Pro 6.pict
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice@Progid ACDSee Pro 5.pix
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice@Progid ACDSee Pro 5.ppm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice@Progid ACDSee Pro 6.psp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice@Progid ACDSee Pro 6.pspbrush
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice@Progid ACDSee Pro 6.pspimage
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice@Progid ACDSee Pro 3.rar
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice@Progid ACDSee Pro 5.ras
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice@Progid ACDSee Pro 6.raw
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice@Progid ACDSee Pro 5.rgb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice@Progid ACDSee Pro 5.rgba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice@Progid ACDSee Pro 5.rsb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice@Progid ACDSee Pro 6.rwl
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sef\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sef\UserChoice@Progid ACDSee Pro 3.sef
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice@Progid ACDSee Pro 5.sgi
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice@Progid ACDSee Pro 6.sr2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tar\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tar\UserChoice@Progid ACDSee Pro 3.tar
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.taz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.taz\UserChoice@Progid ACDSee Pro 3.taz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tbz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tbz\UserChoice@Progid ACDSee Pro 3.tbz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tgz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tgz\UserChoice@Progid ACDSee Pro 3.tgz
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice@Progid ACDSee Pro 6.thm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice@Progid IE.AssocFile.URL
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.uue\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.uue\UserChoice@Progid ACDSee Pro 3.uue
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice@Progid ACDSee Pro 2.5.v25po
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice@Progid ACDSee Pro 2.5.v25pp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice@Progid ACDSee Pro 2.5.v25ppf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice@Progid ACDSee Pro 3.v30po
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice@Progid ACDSee Pro 3.v30pp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice@Progid ACDSee Pro 3.v30ppf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice@Progid ACDSee Pro 6.v60po
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice@Progid ACDSee Pro 6.v60pp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice@Progid ACDSee Pro 6.v60ppf
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice@Progid ACDSee Pro 6.wbm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice@Progid ACDSee Pro 6.wbmp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice@Progid WMP11.AssocFile.WMD
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice@Progid WMP11.AssocFile.WMS
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice@Progid WMP11.AssocFile.WMZ
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice@Progid ACDSee Pro 5.xbm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice@Progid ACDSee Pro 6.xif
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice@Progid ACDSee Pro 6.xmp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice@Progid ACDSee Pro 5.xpm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.z\UserChoice
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.z\UserChoice@Progid ACDSee Pro 3.z

---- EOF - GMER 2.2 ----