GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-28 19:31:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800JD-22LSA0 rev.06.01D06 74,53GB Running: ntdpo548.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\aftcaaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ce17fa 2 bytes CALL 769311a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ce1860 2 bytes CALL 769311a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ce1942 2 bytes JMP 754f7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ce194d 2 bytes JMP 754fcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe[3536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[272] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077082bdc 5 bytes JMP 0000000000928c60 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\OriginWebHelperService.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b61401 2 bytes JMP 7695b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b61419 2 bytes JMP 7695b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b61431 2 bytes JMP 769d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b6144a 2 bytes CALL 769348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b614dd 2 bytes JMP 769d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b614f5 2 bytes JMP 769d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b6150d 2 bytes JMP 769d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b61525 2 bytes JMP 769d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b6153d 2 bytes JMP 7694fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b61555 2 bytes JMP 76956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b6156d 2 bytes JMP 769d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b61585 2 bytes JMP 769d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b6159d 2 bytes JMP 769d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b615b5 2 bytes JMP 7694fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b615cd 2 bytes JMP 7695b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b616b2 2 bytes JMP 769d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b616bd 2 bytes JMP 769d8839 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [3508:6284] 000007fee9469688 ---- EOF - GMER 2.2 ----