GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-11-17 17:43:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000084 WDC_WD64 rev.01.0 596,17GB
Running: o3uwwb1b.exe; Driver: C:\Users\Nikodem\AppData\Local\Temp\pwaoruod.sys

---- User code sections - GMER 2.1 ----