GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-16 13:59:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: yqbnhjcx.exe; Driver: C:\Users\Ben\AppData\Local\Temp\uxrirpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077699710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[676] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a3f0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f00 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffd0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f3f0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077699710 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b8ab0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Windows\system32\nvwmi64.exe[1456] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077699710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Program Files\Common Files\SPBA\upeksvr.exe[1560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef210dc88 5 bytes JMP 000007fef1f000d8 .text C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef210de10 5 bytes JMP 000007fef1f00110 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f81401 2 bytes JMP 75ffb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f81419 2 bytes JMP 75ffb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f81431 2 bytes JMP 76079149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f8144a 2 bytes CALL 75fd4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f814dd 2 bytes JMP 76078a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f814f5 2 bytes JMP 76078c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f8150d 2 bytes JMP 76078938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f81525 2 bytes JMP 76078d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f8153d 2 bytes JMP 75fefcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f81555 2 bytes JMP 75ff6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f8156d 2 bytes JMP 76079201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f81585 2 bytes JMP 76078d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f8159d 2 bytes JMP 760788fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f815b5 2 bytes JMP 75fefd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f815cd 2 bytes JMP 75ffb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f816b2 2 bytes JMP 760790c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2456] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f816bd 2 bytes JMP 76078891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Windows\System32\igfxpers.exe[1368] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007762a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077633f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007764ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007765f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077689c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077699710 5 bytes JMP 000000006fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776b8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Program Files\IDT\WDM\sttray64.exe[2220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe[3012] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077508a29 5 bytes JMP 0000000073db3840 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000773a5dd5 5 bytes JMP 0000000073db3800 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9c5b 5 bytes JMP 0000000073db3720 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f81401 2 bytes JMP 75ffb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f81419 2 bytes JMP 75ffb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f81431 2 bytes JMP 76079149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f8144a 2 bytes CALL 75fd4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f814dd 2 bytes JMP 76078a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f814f5 2 bytes JMP 76078c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f8150d 2 bytes JMP 76078938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f81525 2 bytes JMP 76078d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f8153d 2 bytes JMP 75fefcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f81555 2 bytes JMP 75ff6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f8156d 2 bytes JMP 76079201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f81585 2 bytes JMP 76078d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f8159d 2 bytes JMP 760788fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f815b5 2 bytes JMP 75fefd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f815cd 2 bytes JMP 75ffb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f816b2 2 bytes JMP 760790c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f816bd 2 bytes JMP 76078891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077508a29 5 bytes JMP 0000000073db3840 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000773a5dd5 5 bytes JMP 0000000073db3800 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9c5b 5 bytes JMP 0000000073db3720 .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073df1003 2 bytes [DF, 73] .text C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe[3316] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073df1016 2 bytes [DF, 73] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000773a5dd5 5 bytes JMP 0000000073db3800 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9c5b 5 bytes JMP 0000000073db3720 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077508a29 5 bytes JMP 0000000073db3840 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f81401 2 bytes JMP 75ffb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f81419 2 bytes JMP 75ffb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f81431 2 bytes JMP 76079149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f8144a 2 bytes CALL 75fd4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f814dd 2 bytes JMP 76078a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f814f5 2 bytes JMP 76078c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f8150d 2 bytes JMP 76078938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f81525 2 bytes JMP 76078d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f8153d 2 bytes JMP 75fefcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f81555 2 bytes JMP 75ff6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f8156d 2 bytes JMP 76079201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f81585 2 bytes JMP 76078d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f8159d 2 bytes JMP 760788fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f815b5 2 bytes JMP 75fefd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f815cd 2 bytes JMP 75ffb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f816b2 2 bytes JMP 760790c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5044] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f816bd 2 bytes JMP 76078891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Windows\System32\mobsync.exe[5500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f81401 2 bytes JMP 75ffb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f81419 2 bytes JMP 75ffb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f81431 2 bytes JMP 76079149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f8144a 2 bytes CALL 75fd4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f814dd 2 bytes JMP 76078a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f814f5 2 bytes JMP 76078c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f8150d 2 bytes JMP 76078938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f81525 2 bytes JMP 76078d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f8153d 2 bytes JMP 75fefcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f81555 2 bytes JMP 75ff6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f8156d 2 bytes JMP 76079201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f81585 2 bytes JMP 76078d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f8159d 2 bytes JMP 760788fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f815b5 2 bytes JMP 75fefd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f815cd 2 bytes JMP 75ffb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f816b2 2 bytes JMP 760790c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4008] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f816bd 2 bytes JMP 76078891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077508a29 5 bytes JMP 0000000073db3840 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073df1003 2 bytes [DF, 73] .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073df1016 2 bytes [DF, 73] .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000773a5dd5 5 bytes JMP 0000000073db3800 .text C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[6016] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9c5b 5 bytes JMP 0000000073db3720 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073df1003 2 bytes [DF, 73] .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073df1016 2 bytes [DF, 73] .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f81401 2 bytes JMP 75ffb233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f81419 2 bytes JMP 75ffb35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f81431 2 bytes JMP 76079149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f8144a 2 bytes CALL 75fd4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f814dd 2 bytes JMP 76078a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f814f5 2 bytes JMP 76078c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f8150d 2 bytes JMP 76078938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f81525 2 bytes JMP 76078d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f8153d 2 bytes JMP 75fefcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f81555 2 bytes JMP 75ff6907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f8156d 2 bytes JMP 76079201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f81585 2 bytes JMP 76078d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f8159d 2 bytes JMP 760788fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f815b5 2 bytes JMP 75fefd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f815cd 2 bytes JMP 75ffb2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f816b2 2 bytes JMP 760790c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[5268] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f816bd 2 bytes JMP 76078891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007762a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077633f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007764ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007765f3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077689c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077699710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000776b8ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe[4728] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075f81401 2 bytes JMP 75ffb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075f81419 2 bytes JMP 75ffb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075f81431 2 bytes JMP 76079149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075f8144a 2 bytes CALL 75fd4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075f814dd 2 bytes JMP 76078a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075f814f5 2 bytes JMP 76078c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075f8150d 2 bytes JMP 76078938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075f81525 2 bytes JMP 76078d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075f8153d 2 bytes JMP 75fefcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075f81555 2 bytes JMP 75ff6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075f8156d 2 bytes JMP 76079201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075f81585 2 bytes JMP 76078d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075f8159d 2 bytes JMP 760788fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075f815b5 2 bytes JMP 75fefd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075f815cd 2 bytes JMP 75ffb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075f816b2 2 bytes JMP 760790c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InsERT\InsERT GT\Subiekt.exe[6308] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075f816bd 2 bytes JMP 76078891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7632f0 7 bytes JMP 000007fefd7500d8 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd76aa60 5 bytes JMP 000007fefd750180 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd76ac00 5 bytes JMP 000007fefd750110 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd779ac0 5 bytes JMP 000007fefd750148 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff718810 8 bytes JMP 000007fefd7501f0 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff71b9e0 8 bytes JMP 000007fefd7501b8 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec74650 6 bytes JMP 000007fefd750228 .text C:\Windows\splwow64.exe[1860] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec85f10 7 bytes JMP 000007fefd750260 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fd1eee 7 bytes JMP 0000000073db5230 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fd5b85 7 bytes JMP 0000000073db5870 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075fe1409 7 bytes JMP 0000000073db5480 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075feea5d 7 bytes JMP 0000000073db5220 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000760790c4 7 bytes JMP 0000000073db4850 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076079149 5 bytes JMP 0000000073db4a30 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007607949f 5 bytes JMP 0000000073db4860 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b61e4c 5 bytes JMP 0000000073db4770 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b61efa 5 bytes JMP 0000000073db4680 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b62bdc 5 bytes JMP 0000000073db4a40 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b62e7e 5 bytes JMP 0000000073db4370 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ede743 5 bytes JMP 0000000073db3980 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ede97d 5 bytes JMP 0000000073db3990 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077515645 5 bytes JMP 0000000073db4300 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007752f61f 5 bytes JMP 0000000073db4360 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000077550867 5 bytes JMP 0000000073db3600 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077567af4 5 bytes JMP 0000000073db42d0 .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073df1003 2 bytes [DF, 73] .text C:\Users\Ben\Desktop\FRST\yqbnhjcx.exe[9292] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073df1016 2 bytes [DF, 73] ---- Threads - GMER 2.2 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [4068:4080] 0000000077a7046c Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [4068:4084] 0000000075fa7587 Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [4068:3452] 0000000077a6f523 Thread C:\Windows\SysWOW64\svchost.exe [2928:3836] 000000000027e59e Thread C:\Windows\SysWOW64\svchost.exe [2928:5896] 000000000027e59e Thread C:\Windows\SysWOW64\svchost.exe [2928:4692] 000000000027e59e Thread C:\Windows\SysWOW64\svchost.exe [2928:4116] 000000000027e59e Thread C:\Windows\SysWOW64\svchost.exe [2928:4776] 000000000027e59e Thread C:\Windows\SysWOW64\rundll32.exe [2316:2356] 000000000030e59e Thread C:\Windows\SysWOW64\rundll32.exe [2316:5672] 000000000030e59e Thread C:\Windows\SysWOW64\rundll32.exe [2316:4004] 000000000030e59e Thread C:\Windows\SysWOW64\rundll32.exe [2316:2984] 000000000030e59e Thread C:\Windows\SysWOW64\rundll32.exe [2316:5560] 000000000030e59e ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd5236ebb8 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a82ebbb Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05a82ebbb@dcee0661a346 0xB7 0x82 0x39 0x1B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd5236ebb8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a82ebbb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05a82ebbb@dcee0661a346 0xB7 0x82 0x39 0x1B ... ---- EOF - GMER 2.2 ----