GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-24 16:13:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 Samsung_SSD_850_EVO_250GB rev.EMT02B6Q 232,89GB Running: 6jk1bk1s.exe; Driver: C:\Users\Alek\AppData\Local\Temp\aftcqaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alek\AppData\Local\Akamai\netsession_win.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[2980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2124] entry point in ".rdata" section 00000000717171e6 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3228] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074a12bdc 5 bytes JMP 000000005e497d1d .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074a12e7e 5 bytes JMP 000000005e497d87 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4952] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000685317fa 2 bytes CALL 766811a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4952] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000068531860 2 bytes CALL 766811a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4952] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000068531942 2 bytes JMP 761d6da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4952] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000006853194d 2 bytes JMP 761de8de C:\Windows\syswow64\WS2_32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[5692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000768e1401 2 bytes JMP 766ab233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000768e1419 2 bytes JMP 766ab35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000768e1431 2 bytes JMP 76729149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000768e144a 2 bytes CALL 76684885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768e14dd 2 bytes JMP 76728a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768e14f5 2 bytes JMP 76728c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000768e150d 2 bytes JMP 76728938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000768e1525 2 bytes JMP 76728d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000768e153d 2 bytes JMP 7669fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000768e1555 2 bytes JMP 766a6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000768e156d 2 bytes JMP 76729201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000768e1585 2 bytes JMP 76728d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000768e159d 2 bytes JMP 767288fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768e15b5 2 bytes JMP 7669fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768e15cd 2 bytes JMP 766ab2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768e16b2 2 bytes JMP 767290c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768e16bd 2 bytes JMP 76728891 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fee892741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fee8925f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fee8925674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fee8925e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fee8927f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fee8926a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fee8926ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fee8927b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fee8927ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fee89278b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fee8924fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fee8925d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4716] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fee8927584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [5992:7088] 000007feecab9688 ---- Processes - GMER 2.2 ---- Library C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (*** suspicious ***) @ C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [5860] 0000000140000000 Library C:\Program Files\DAEMON Tools Lite\imgengine.dll (*** suspicious ***) @ C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [5860] 000007fee30a0000 Library C:\Program Files\DAEMON Tools Lite\sptdintf.dll (*** suspicious ***) @ C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [5860] 000007feebd50000 Library C:\Program Files\DAEMON Tools Lite\VDriveLib.dll (*** suspicious ***) @ C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [5860] 000007fee2f60000 ---- EOF - GMER 2.2 ----