GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-06-07 23:55:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 ATA_____ rev.0003 931,51GB
Running: z7h0rgt7.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\uxldqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006f9e11a8 2 bytes [9E, 6F] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006f9e127d 2 bytes CALL 758914c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000006f9e1310 2 bytes CALL 758914c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006f9e13a8 2 bytes [9E, 6F] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006f9e1422 2 bytes [9E, 6F] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4352] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006f9e1498 2 bytes [9E, 6F] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5312] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075898781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 
C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA 
Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758a13f9 7 bytes JMP 000000016aa51fa0 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000758bb21b 5 bytes JMP 000000016aa51eb0 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075938ea4 7 bytes JMP 000000016aa51ea0 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075938f29 5 bytes JMP 000000016aa51f90 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075939281 5 bytes JMP 000000016aa51f20 .text E:\Program Files 
(x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 000000016aa52730 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 000000016aa52790 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 000000016aa52800 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 000000016aa52980 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772de96b 5 bytes JMP 000000016aa51a20 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772deba5 5 bytes JMP 000000016aa51ab0 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075dc5ea5 5 bytes JMP 000000016aa51df0 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075df9d0b 5 bytes JMP 000000016aa51d70 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] 
C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\Steam.exe[4324] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 758bb21b C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 758bb346 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 75938f29 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 7589489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 75938822 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 759389f8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 75938718 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 75938ae2 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 758afca8 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 758b68ef C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 75938fe3 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 75938b42 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 759386dc C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 758afd41 C:\Windows\syswow64\kernel32.dll .text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 758bb2dc C:\Windows\syswow64\kernel32.dll
.text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 75938ea4 C:\Windows\syswow64\kernel32.dll
.text E:\Program Files (x86)\Steam\bin\steamwebhelper.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 75938671 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\84a6c8249239
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\84a6c8249239 (not active ControlSet)

---- Files - GMER 2.1 ----

File C:\Users\Kuba\Downloads\Windows 7 Sp1 Ultimate en-US (x86) Dec2014 Pre-Activation-=TEAM OS=-{HKRG}\Windows 7 Sp1 Ultimate en-US (x86) Dec2014 Pre-Activation-=TEAM OS=-{HKRG}\sources\replacementmanifests\microsoft-windows-terminalservices-appserver-licensing\tsmigplugin.dll 108032 bytes executable
File C:\ProgramData\AVAST Software\Avast\lscache.dat 42 bytes

---- EOF - GMER 2.1 ----