GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-04-21 11:30:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: vpjw9vzc.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\pxldrpob.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000115900 7 bytes [40, 4C, F3, FF, 01, 56, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000115908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1612] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075253491 4 bytes {CALL 0xffffffff8be833cc} .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef21a2460 5 bytes JMP 000007fefd3002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3824] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef21d96b0 6 bytes JMP 000007fefd300298 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fee70fdc88 5 bytes JMP 000007fee6ef00d8 .text C:\Windows\system32\Dwm.exe[3840] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fee70fde10 5 bytes JMP 000007fee6ef0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4048] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4148] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Windows\System32\igfxpers.exe[4284] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000000f6f046 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!CreateThread + 28 0000000075253491 4 bytes {CALL 0xffffffff8be833cc} .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[4504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[4524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Program Files\CCleaner\CCleaner64.exe[4532] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\RocketDock\RocketDock.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar.exe[4604] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\AppData\Roaming\uTorrent\uTorrent.exe[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Windows\system32\wbem\unsecapp.exe[4760] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text D:\POBRANE\PROGRAMY\ZAINSTALOWANE\DAEMON Tools Lite\DTAgent.exe[4792] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007730a3f0 7 bytes JMP 000000006fff0228 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077313f00 5 bytes JMP 000000006fff0180 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007732ffd0 5 bytes JMP 000000006fff01b8 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007733f3f0 5 bytes JMP 000000006fff0110 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077369c80 7 bytes JMP 000000006fff00d8 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077379710 5 bytes JMP 000000006fff0148 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077398ab0 7 bytes JMP 000000006fff01f0 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3132f0 7 bytes JMP 000007fefd3000d8 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd31aa60 5 bytes JMP 000007fefd300180 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd31ac00 5 bytes JMP 000007fefd300110 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd329ac0 5 bytes JMP 000007fefd300148 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee48840 8 bytes JMP 000007fefd3001f0 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee4b9f0 8 bytes JMP 000007fefd3001b8 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefeed6d10 11 bytes JMP 000007fefd300228 .text C:\Dolby PCEE4\pcee4.exe[4688] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeeb4f0 7 bytes JMP 000007fefd300260 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e35e75 5 bytes JMP 0000000068b82840 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e69cbb 5 bytes JMP 0000000068b827d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075251eee 7 bytes JMP 0000000068b83880 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075255b85 7 bytes JMP 0000000068b83ec0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075261409 7 bytes JMP 0000000068b83ad0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007526ea5d 7 bytes JMP 0000000068b83870 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000752f90c4 7 bytes JMP 0000000068b833c0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000752f9149 5 bytes JMP 0000000068b83470 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000752f949f 5 bytes JMP 0000000068b833d0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075181e4c 5 bytes JMP 0000000068b83380 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075181efa 5 bytes JMP 0000000068b83340 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075182bdc 5 bytes JMP 0000000068b83480 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075182e7e 5 bytes JMP 0000000068b83190 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dbe757 5 bytes JMP 0000000068b829a0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dbe991 5 bytes JMP 0000000068b829c0 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000068b82880 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f5645 5 bytes JMP 0000000068b83110 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720f61f 5 bytes JMP 0000000068b83180 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077230867 5 bytes JMP 0000000068b82700 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247af4 5 bytes JMP 0000000068b83100 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758b1401 2 bytes JMP 7527b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758b1419 2 bytes JMP 7527b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758b1431 2 bytes JMP 752f9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758b144a 2 bytes CALL 75254885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758b14dd 2 bytes JMP 752f8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758b14f5 2 bytes JMP 752f8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758b150d 2 bytes JMP 752f8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758b1525 2 bytes JMP 752f8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758b153d 2 bytes JMP 7526fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758b1555 2 bytes JMP 75276907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758b156d 2 bytes JMP 752f9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758b1585 2 bytes JMP 752f8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758b159d 2 bytes JMP 752f88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758b15b5 2 bytes JMP 7526fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758b15cd 2 bytes JMP 7527b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758b16b2 2 bytes JMP 752f90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotr\Desktop\vpjw9vzc.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758b16bd 2 bytes JMP 752f8891 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [3156:3644] 000007feec989688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5652:5972] 000007fefb522be0 ---- Processes - GMER 2.2 ---- Library C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000000013f0f0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feee150000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feede10000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feedad0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feed780000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feec2e0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feebd60000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feebb80000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feeb7e0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feeb440000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feeb250000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 0000000010000000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feeb060000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Swissarmy.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feeae20000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\RTPControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feeab70000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\RtpShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feea990000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feea6a0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\rtp.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feea4a0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ArwControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007feea1a0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacSdkShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee9fc0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee9d90000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ArwSdkShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee9bb0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee94f0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\AEControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee8620000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\AeShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee8440000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SPControllerImpl.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee81e0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee7fb0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionShim.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee7dc0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fee7ba0000 Library C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2948] 000007fed6860000 Library C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000001150000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 00000000742c0000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000074050000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000074b60000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000073ae0000 Library C:\Program Files\Malwarebytes\Anti-Malware\MSVCP120.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2017-04-20 11:18:13) 0000000073a60000 Library C:\Program Files\Malwarebytes\Anti-Malware\MSVCR120.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] (Microsoft® C Runtime Library/Microsoft Corporation SIGNED)(2017-04-20 11:18:13) 0000000072c00000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 00000000686b0000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000067f20000 Library C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000067090000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000068c40000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000068510000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000067080000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000067070000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000067030000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000067020000 Library C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000066fe0000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000066fd0000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000066f40000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000066f00000 Library C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 0000000064830000 Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 000000005bde0000 Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 000000005bcc0000 Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 000000005bce0000 Library C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 000000005bdd0000 Library C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 000000005bc00000 Library C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll (*** suspicious ***) @ C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [4524] 000000005bbf0000 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d81929e432 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d81929e432 Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\60d81929e432 (not active ControlSet) ---- EOF - GMER 2.2 ----