GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-12 17:27:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB Running: s9w73jmn.exe; Driver: C:\Users\PAWEPE~1\AppData\Local\Temp\ufldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\system32\services.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\system32\winlogon.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\System32\svchost.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\system32\svchost.exe[124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1452] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Windows\system32\taskeng.exe[2096] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef811dc88 5 bytes JMP 000007fff7f100d8 .text C:\Windows\system32\Dwm.exe[2264] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef811de10 5 bytes JMP 000007fff7f10110 .text C:\Windows\Explorer.EXE[2320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[2488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\rundll32.exe[3024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000073ff17fa 2 bytes CALL 768011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000073ff1860 2 bytes CALL 768011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000073ff1942 2 bytes JMP 771d7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000073ff194d 2 bytes JMP 771dcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] ? C:\Windows\system32\mssprxy.dll [3176] entry point in ".rdata" section 0000000072d771e6 .text C:\Windows\System32\hkcmd.exe[3328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Windows\System32\igfxpers.exe[3408] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef6d22460 5 bytes JMP 000007fefd4c02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef6d596b0 6 bytes JMP 000007fefd4c0298 .text C:\Windows\system32\conhost.exe[1644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[440] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4260] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1036] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[2384] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2468] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\OLE32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files (x86)\screenSHU\screenSHU.exe[5264] C:\Windows\syswow64\OLE32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd3400d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd340148 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd340180 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd340110 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd3401f0 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd3401b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd340228 .text C:\Program Files\CCleaner\CCleaner64.exe[5472] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd340260 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[5684] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[5712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5788] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd350148 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd350180 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd350110 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd350228 .text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5816] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd350260 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[5844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076808769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text D:\Programy\Avast\avastui.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[5956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007722a3e0 7 bytes JMP 000000016fff0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077233f00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007724fff0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007725f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007727efcd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077289ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077299540 5 bytes JMP 000000016fff0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772996b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772b8860 7 bytes JMP 000000016fff0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4056] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[3904] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe[5652] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text D:\Programy\MagicISO\MagicDisc\MagicDisc.exe[6080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[3636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Windows\system32\wbem\unsecapp.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd4c00d8 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd54a590 6 bytes JMP 000007fffd4c0148 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd54ac00 5 bytes JMP 000007fffd4c0180 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd54ada0 5 bytes JMP 000007fffd4c0110 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee17490 11 bytes JMP 000007fffd4c0228 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefee2bf00 7 bytes JMP 000007fffd4c0260 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaf89e0 8 bytes JMP 000007fffd4c01f0 .text C:\Windows\system32\wuauclt.exe[1592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeafbe40 8 bytes JMP 000007fffd4c01b8 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076801eee 7 bytes JMP 000000016fae1695 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076805b85 7 bytes JMP 000000016fae11a9 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768113e1 7 bytes JMP 000000016fae128a .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007681ea15 7 bytes JMP 000000016fae1244 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007682a2cd 1 byte [62] .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007682b1ef 5 bytes JMP 000000016fae15aa .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768a8e84 7 bytes JMP 000000016fae1339 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000768a8f09 5 bytes JMP 000000016fae16d6 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768a925f 5 bytes JMP 000000016fae170d .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767a1d29 5 bytes JMP 000000016fae11c2 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767a1dd7 5 bytes JMP 000000016fae1014 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767a2ab1 5 bytes JMP 000000016fae1555 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767a2d17 5 bytes JMP 000000016fae1271 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007510e96b 5 bytes JMP 000000016fae15c3 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007510eba5 5 bytes JMP 000000016fae1186 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075228a29 3 bytes JMP 000000016fae1726 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\USER32.dll!CreateWindowExW + 4 0000000075228a2d 1 byte [FA] .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075234572 5 bytes JMP 000000016fae10a0 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007524e567 5 bytes JMP 000000016fae1415 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075287a5c 5 bytes JMP 000000016fae15d2 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077085ea5 5 bytes JMP 000000016fae15fa .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000770b9d0b 5 bytes JMP 000000016fae121c .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a41401 2 bytes JMP 7682b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a41419 2 bytes JMP 7682b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a41431 2 bytes JMP 768a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a4144a 2 bytes CALL 76804885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a414dd 2 bytes JMP 768a8802 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a414f5 2 bytes JMP 768a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a4150d 2 bytes JMP 768a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a41525 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a4153d 2 bytes JMP 7681fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a41555 2 bytes JMP 768268bf C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a4156d 2 bytes JMP 768a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a41585 2 bytes JMP 768a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a4159d 2 bytes JMP 768a86bc C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a415b5 2 bytes JMP 7681fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a415cd 2 bytes JMP 7682b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a416b2 2 bytes JMP 768a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\Paweł Perzyna\Desktop\s9w73jmn.exe[852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a416bd 2 bytes JMP 768a8651 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800108ee94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800108ec38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800108f654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800108fa50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800108f8ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa800570c2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80068f92c0 Device \Driver\cdrom \Device\CdRom0 fffffa80068212c0 Device \Driver\cdrom \Device\CdRom1 fffffa80068212c0 Device \Driver\cdrom \Device\CdRom2 fffffa80068212c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{CF414ACF-CB75-4109-BBC5-24E7083E0049} fffffa8006b302c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80068f92c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{DB4DF3AE-0F55-41A3-BB52-4B3909E2FB7E} fffffa8006b302c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80068f92c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{36B58BCE-8114-4898-A244-9AAA98FC7DC2} fffffa8006b302c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006b302c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80068f92c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{84109C95-96CB-4030-A0F0-B662553CE777} fffffa8006b302c0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [840:1824] 000007fef8de4f84 Thread C:\Windows\system32\svchost.exe [840:3664] 000007fef4e6d3c8 Thread C:\Windows\system32\svchost.exe [840:2784] 000007fef4e6d3c8 Thread C:\Windows\system32\svchost.exe [840:3532] 000007fef4e6d3c8 Thread C:\Windows\system32\svchost.exe [840:1804] 000007fef4e6d3c8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5676:2852] 000007fefb562bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5676:4532] 000007fef348cf60 Thread C:\Windows\System32\svchost.exe [2172:4520] 000007fef2809688 ---- Processes - GMER 2.1 ---- Library c:\users\pawepe~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk8rhg9.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652](2015-05-12 14:37:47) 0000000002da0000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006c450000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005c10000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000065a70000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006c160000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652](2015-03-04 21:45:30) 000000006e770000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e590000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000064a80000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000064860000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000064600000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000072680000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652](2015-03-04 21:45:30) 0000000072db0000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000072650000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000070710000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e310000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652](2015-03-04 21:45:30) 000000006c080000 Library C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Paweł Perzyna\AppData\Roaming\Dropbox\bin\Dropbox.exe [5652](2015-03-04 21:45:30) 000000006e2d0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7e667a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7e667a@1887960e62ec 0xED 0xEB 0x30 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e839df56bc03 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CF414ACF-CB75-4109-BBC5-24E7083E0049}@LeaseObtainedTime 1431442468 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CF414ACF-CB75-4109-BBC5-24E7083E0049}@T1 1431442595 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CF414ACF-CB75-4109-BBC5-24E7083E0049}@T2 1431442691 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CF414ACF-CB75-4109-BBC5-24E7083E0049}@LeaseTerminatesTime 1431442723 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7e667a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7e667a@1887960e62ec 0xED 0xEB 0x30 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e839df56bc03 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----