GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-27 02:46:04 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\000000ac WDC_WD25 rev.1.01 Running: yr8nxyir.exe; Driver: C:\Users\gohik\AppData\Local\Temp\ugloqpod.sys ---- System - GMER 1.0.15 ---- INT 0x51 ? 89B16BF8 INT 0x51 ? 89B16BF8 INT 0x71 ? 89B16BF8 INT 0x71 ? 89B16BF8 INT 0x71 ? 89B16BF8 INT 0xA2 ? 879D8BF8 INT 0xB2 ? 879D8BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spgw.sys The system cannot find the path specified. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9FC0F000, 0x23100A, 0xE8000020] .text USBPORT.SYS!DllUnload 84BD946F 5 Bytes JMP 89B161D8 ---- User code sections - GMER 1.0.15 ---- .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[156] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[436] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[588] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\wininit.exe[692] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\csrss.exe[704] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\services.exe[736] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\services.exe[736] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\services.exe[736] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\services.exe[736] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\services.exe[736] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\services.exe[736] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\services.exe[736] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Hotspot Shield\bin\hsswd.exe[764] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FF96591 .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FF96620 .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FF9662D .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FF968B1 .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FF96616 .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FF9666E .text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FF9663A .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\lsm.exe[780] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\winlogon.exe[820] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\wbem\wmiprvse.exe[844] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\wbem\unsecapp.exe[968] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[972] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1104] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\Ati2evxx.exe[1152] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\System32\svchost.exe[1204] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe[1252] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1368] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\SLsvc.exe[1416] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1444] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\Desktop\yr8nxyir.exe[1472] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\Hpservice.exe[1508] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Nexon\MapleStory\npkcmsvc.exe[1528] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\System32\spoolsv.exe[1764] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[1792] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[1856] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe[1984] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\agrsmsvc.exe[1996] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Bonjour\mDNSResponder.exe[2032] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2044] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2052] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\SMINST\BLService.exe[2076] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2112] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\svchost.exe[2144] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\SearchIndexer.exe[2204] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2416] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2684] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\conime.exe[2716] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2752] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\Ati2evxx.exe[2784] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2812] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[2924] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\Dwm.exe[3120] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .reloc C:\Windows\Explorer.EXE[3232] C:\Windows\Explorer.EXE section is executable [0x012C7000, 0xCC00, 0xE0000060] .reloc C:\Windows\Explorer.EXE[3232] C:\Windows\Explorer.EXE entry point in ".reloc" section [0x012D33AD] wpytzkc C:\Windows\Explorer.EXE[3232] C:\Windows\Explorer.EXE unknown last section [0x012D4000, 0x1000, 0xC0000000] .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Windows\Explorer.EXE[3232] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3252] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Program Files\Gadu-Gadu2\gg.exe[3568] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[3860] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtCreateFile 778F8008 5 Bytes CALL 7FFA6591 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtCreateProcess 778F80C8 5 Bytes CALL 7FFA6620 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtCreateProcessEx 778F80D8 5 Bytes CALL 7FFA662D .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtDeviceIoControlFile 778F8438 5 Bytes CALL 7FFA68B1 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtOpenFile 778F87E8 5 Bytes CALL 7FFA6616 .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtQueryInformationProcess 778F8A88 5 Bytes CALL 7FFA666E .text C:\Users\gohik\AppData\Local\Google\Chrome\Application\chrome.exe[4036] ntdll.dll!NtCreateUserProcess 778F9438 5 Bytes CALL 7FFA663A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82E066D6] \SystemRoot\System32\Drivers\spgw.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82E06042] \SystemRoot\System32\Drivers\spgw.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82E06800] \SystemRoot\System32\Drivers\spgw.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82E060C0] \SystemRoot\System32\Drivers\spgw.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82E0613E] \SystemRoot\System32\Drivers\spgw.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82E15E9C] \SystemRoot\System32\Drivers\spgw.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A87BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73AC98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A8D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A7F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A87599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A7E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73ABB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A8D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A8012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A80095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A771F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73B0D810] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73AA75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A7DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A7668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A766BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3232] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A81E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8838C1F8 Device \FileSystem\cdfs \Cdfs 8B5B8500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... ---- Files - GMER 1.0.15 ---- File C:\Windows\winsxs\msil_dfsvc_b03f5f7f11d50a3a_6.0.6001.18111_none_65ce302488fdb088\dfsvc.exe (size mismatch) 32768/5120 bytes executable File C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6001.18000_none_bee8b564bed7d168\ehexthost.exe (size mismatch) 159744/131072 bytes executable File C:\Windows\winsxs\msil_narrator_31bf3856ad364e35_6.0.6000.16386_none_dd5173734f01b093\Narrator.exe (size mismatch) 1019904/991232 bytes executable File C:\Windows\winsxs\x86_acw_31bf3856ad364e35_6.0.6001.18000_none_7e59de1d1d1b8706\ACW.exe (size mismatch) 109056/81408 bytes executable File C:\Windows\winsxs\x86_aspnet_compiler_b03f5f7f11d50a3a_6.0.6001.18111_none_18c80708589009f0\aspnet_compiler.exe (size mismatch) 65536/36864 bytes executable File C:\Windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.0.6001.18111_none_0968ef111911e0b6\aspnet_regbrowsers.exe (size mismatch) 53248/24576 bytes executable File C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.0.6001.18111_none_4fdb0097bc3399c7\aspnet_regsql.exe (size mismatch) 135168/106496 bytes executable File C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6001.18111_none_6bd7955eefde7bcf\CasPol.exe (size mismatch) 135168/106496 bytes executable File C:\Windows\winsxs\x86_eventviewersettings_31bf3856ad364e35_6.0.6000.16386_none_f2c1160b06c8132e\eventvwr.exe (size mismatch) 107520/79872 bytes executable File C:\Windows\winsxs\x86_installutil_b03f5f7f11d50a3a_6.0.6001.18111_none_7b7882b9212027b6\InstallUtil.exe (size mismatch) 57344/28672 bytes executable File C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18000_none_c89cd1bfabce5e98\mcupdate.exe (size mismatch) 167936/140288 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\sdbinst.exe (size mismatch) 48640/20992 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcaelv.exe (size mismatch) 35840/8192 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcalua.exe (size mismatch) 35328/7680 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\pcaui.exe (size mismatch) 41984/14336 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_6.0.6001.18000_none_584f24a8053bcd4b\cacls.exe (size mismatch) 53248/25600 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.0.6000.16386_none_cfca85b8865bd22a\AdapterTroubleshooter.exe (size mismatch) 66048/38400 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-agentsvr_31bf3856ad364e35_6.0.6001.18000_none_334f4f322beda902\AgentSvr.exe (size mismatch) 320512/292864 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-atbroker_31bf3856ad364e35_6.0.6001.18000_none_cfa0afd11e5537f4\AtBroker.exe (size mismatch) 55808/28160 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-at_31bf3856ad364e35_6.0.6001.18000_none_4d01a46983e485b5\at.exe (size mismatch) 52224/24576 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.0.6001.18000_none_c62871670779ffa4\SndVol.exe (size mismatch) 225280/197632 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6001.18000_none_6593128e7338aab2\LogonUI.exe (size mismatch) 36864/9216 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.0.6000.16386_none_168bb99c8ad964f4\chkntfs.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.0.6001.18000_none_a8e952205b1e893c\alg.exe (size mismatch) 87040/59392 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-aurora_31bf3856ad364e35_6.0.6001.18000_none_9b06fa43a64d3c3c\Aurora.scr (size mismatch) 1398272/1370624 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.0.6001.18000_none_882afcc5a52ba04b\bcdedit.exe (size mismatch) 361984/334336 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_6.0.6001.18000_none_26148132a5947290\bfsvc.exe (size mismatch) 86528/58880 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb770bf6b8f77\expand.exe (size mismatch) 80384/52736 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_4d1191020c6c0bfe\bitsadmin.exe (size mismatch) 219648/192000 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-bootconfig_31bf3856ad364e35_6.0.6001.18000_none_0c167d0a1a481474\bootcfg.exe (size mismatch) 109056/81408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-bth-user_31bf3856ad364e35_6.0.6001.18000_none_65193febd52e137a\bthudtask.exe (size mismatch) 61952/34304 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-bubbles_31bf3856ad364e35_6.0.6001.18000_none_6e7e463bc9f1a17d\Bubbles.scr (size mismatch) 907264/879616 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_6.0.6000.16386_none_e7d2bc45928406da\comrepl.exe (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_6.0.6000.16386_none_2b19df6766c5a275\MigRegDB.exe (size mismatch) 38400/10752 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-capturewizard_31bf3856ad364e35_6.0.6001.18000_none_6caf21de31abd9cf\VideoCameraAutoPlayManager.exe (size mismatch) 86016/58368 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_6.0.6001.18000_none_8e157293f4522572\CompMgmtLauncher.exe (size mismatch) 173056/145408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-calc_31bf3856ad364e35_6.0.6000.16386_none_a7873f3f1dd0e729\calc.exe (size mismatch) 203776/176128 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-charmap_31bf3856ad364e35_6.0.6000.16386_none_f022fb62a7701614\charmap.exe (size mismatch) 182272/154624 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.0.6001.18000_none_6810938417684464\certreq.exe (size mismatch) 242688/215040 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-certutil_31bf3856ad364e35_6.0.6001.18000_none_b58507ed335c92cc\certutil.exe (size mismatch) 826368/798720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-chkdsk_31bf3856ad364e35_6.0.6000.16386_none_bfaf97e48fc56cbc\chkdsk.exe (size mismatch) 43520/15872 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-choice_31bf3856ad364e35_6.0.6000.16386_none_c13029108ed7db57\choice.exe (size mismatch) 58368/30720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-cipher_31bf3856ad364e35_6.0.6001.18000_none_ad167f5aa518a33b\cipher.exe (size mismatch) 86016/58368 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6000.16386_none_6b0d746560a0c05f\cleanmgr.exe (size mismatch) 206336/178688 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-clip_31bf3856ad364e35_6.0.6000.16386_none_a5a520211f165ebc\clip.exe (size mismatch) 54272/26624 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-com-complus-setup_31bf3856ad364e35_6.0.6001.18000_none_e9a7d948ef4e2e4f\mtstocom.exe (size mismatch) 152576/124928 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.0.6001.18000_none_b0a7c3b54838915e\dcomcnfg.exe (size mismatch) 36352/8704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.0.6001.18000_none_195302e56002fb82\msdtc.exe (size mismatch) 133632/105984 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.0.6000.16386_none_41ed2cb9f696f0a2\dllhost.exe (size mismatch) 34816/7168 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.0.6000.16386_none_41ed2cb9f696f0a2\dllhst3g.exe (size mismatch) 34816/7168 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-commandlinehelp_31bf3856ad364e35_6.0.6000.16386_none_d1f473a80c4c9194\help.exe (size mismatch) 36352/8704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-compact_31bf3856ad364e35_6.0.6000.16386_none_f7be78ceb8a77881\compact.exe (size mismatch) 46080/18432 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_8b0cc6bd1a5c896f\cmd.exe (size mismatch) 346624/318976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-computerdefaults_31bf3856ad364e35_6.0.6001.18000_none_0676a1abc3496ab5\ComputerDefaults.exe (size mismatch) 64000/36352 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-consoleime_31bf3856ad364e35_6.0.6001.18000_none_b63a896057bb3b00\conime.exe (size mismatch) 96768/69120 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-control_31bf3856ad364e35_6.0.6000.16386_none_97353741ad92c399\control.exe (size mismatch) 239616/211968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6001.18000_none_9cd54abba85233ff\convert.exe (size mismatch) 45056/17408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\drvinst.exe (size mismatch) 129536/101888 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6001.18000_none_87b9b7e028c74e65\cofire.exe (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-credwiz_31bf3856ad364e35_6.0.6000.16386_none_9da3eeaf6eea0db4\credwiz.exe (size mismatch) 55296/27648 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-migration_31bf3856ad364e35_6.0.6001.18000_none_0e6646c285e6dce6\imjppdmg.exe (size mismatch) 51712/24064 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPDADM.EXE (size mismatch) 41984/14336 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPDCT.EXE (size mismatch) 332800/305152 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.0.6001.18000_none_ed313ee5721aa9bc\IMJPUEX.EXE (size mismatch) 64000/36352 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.0.6001.18000_none_0b3d4ee880da609e\imjpuexc.exe (size mismatch) 133120/105472 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6001.18289_none_9cc41791f57c53d7\WUDFHost.exe (size mismatch) 223232/195584 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.0.6001.18000_none_3a8c422a9f3101c4\IMEPADSV.EXE (size mismatch) 280064/252416 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.0.6001.18000_none_c535051605aefc07\DFDWiz.exe (size mismatch) 96256/68608 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..s-ime-japanese-core_31bf3856ad364e35_6.0.6001.18000_none_6f6b5d738da7e00f\IMJPDSVR.EXE (size mismatch) 87040/59392 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..s-ime-japanese-core_31bf3856ad364e35_6.0.6001.18000_none_6f6b5d738da7e00f\IMJPMGR.EXE (size mismatch) 88064/60416 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.0.6001.18000_none_23c398325dc3f8d0\dxdiag.exe (size mismatch) 280576/252928 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.0.6001.18000_none_99160ebe9044f369\dfrgui.exe (size mismatch) 698880/671232 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.0.6001.18000_none_c77bcfbbc6557a1c\Defrag.exe (size mismatch) 254464/226816 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_6.0.6000.16386_none_d5b468b55f26ce50\iscsicpl.exe (size mismatch) 147968/120320 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-defrag-fat_31bf3856ad364e35_6.0.6001.18000_none_23bd98030c29fb9d\dfrgfat.exe (size mismatch) 124416/96768 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-defrag-ntfs_31bf3856ad364e35_6.0.6001.18000_none_1e22f0b7b462590d\DfrgNtfs.exe (size mismatch) 191488/163840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-deployment_31bf3856ad364e35_6.0.6001.18000_none_fbeef6caed4e0223\setupugc.exe (size mismatch) 113152/85504 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-deviceproperties_31bf3856ad364e35_6.0.6000.16386_none_e813a1073cfdf3e7\DeviceProperties.exe (size mismatch) 37376/9728 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-diantz_31bf3856ad364e35_6.0.6001.18000_none_a6c6146bc2a18c82\diantz.exe (size mismatch) 121856/94208 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-digitallocker_31bf3856ad364e35_6.0.6001.18000_none_04d1e0ab2a69a034\digitalx.exe (size mismatch) 922624/894976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_6.0.6000.16386_none_ff77612f1d1f0efb\dvdplay.exe (size mismatch) 37376/9728 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directshow-dvdupgrd_31bf3856ad364e35_6.0.6000.16386_none_7b8fa4ccdfba3441\dvdupgrd.exe (size mismatch) 49152/21504 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directx-directplay4_31bf3856ad364e35_6.0.6000.16386_none_74d9a960c2f80a4b\dplaysvr.exe (size mismatch) 46592/18944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directx-directplay8_31bf3856ad364e35_6.0.6001.18000_none_78d68814bebf2d3b\dpnsvr.exe (size mismatch) 50688/23040 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-diskpart_31bf3856ad364e35_6.0.6001.18000_none_68d8655a95ece6c4\diskpart.exe (size mismatch) 147968/120320 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-diskraid_31bf3856ad364e35_6.0.6001.18000_none_6589a41097fa31a3\diskraid.exe (size mismatch) 258560/230912 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-dispdiag_31bf3856ad364e35_6.0.6001.18000_none_44e4695530172d0f\dispdiag.exe (size mismatch) 149504/121856 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnscacheugc.exe (size mismatch) 52736/25088 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.0.6001.18000_none_7dd2d2fbcd70d3d7\dpapimig.exe (size mismatch) 434688/407040 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-dpiscaling_31bf3856ad364e35_6.0.6001.18000_none_7a47d3365af01664\DpiScaling.exe (size mismatch) 188416/160768 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.0.6001.18000_none_9622cb7595099fdc\driverquery.exe (size mismatch) 93696/66048 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-driververifier_31bf3856ad364e35_6.0.6001.18000_none_ba6bdb179cbb664a\verifier.exe (size mismatch) 140288/112640 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.0.6001.18000_none_d98becfdc541212d\esentutl.exe (size mismatch) 120832/93184 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.0.6000.16386_none_530e55c43de2b339\RegisterMCEApp.exe (size mismatch) 135168/106496 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6001.18000_none_fe9fa554f584b164\DWWIN.EXE (size mismatch) 132096/104448 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_6.0.6001.18000_none_07eaaa7d0bd7df55\rekeywiz.exe (size mismatch) 70144/42496 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-efs-ui_31bf3856ad364e35_6.0.6000.16386_none_f43e06068aab6b2d\efsui.exe (size mismatch) 39424/11776 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18000_none_3429e869d9fa322b\McrMgr.exe (size mismatch) 200192/172544 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.0.6001.18000_none_d88d31d41910d458\Mcx2Prov.exe (size mismatch) 110592/82944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-ehmsas_31bf3856ad364e35_6.0.6001.18000_none_2b12d4796cded8ce\ehmsas.exe (size mismatch) 65024/37376 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-ehprivjob_31bf3856ad364e35_6.0.6001.18000_none_f51330b831cb593a\ehprivjob.exe (size mismatch) 238080/210432 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-ehshell_31bf3856ad364e35_6.0.6000.16386_none_3769a831fcf460a0\ehshell.exe (size mismatch) 127488/99840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.0.6001.18000_none_2ad90dbf6d091834\ehtray.exe (size mismatch) 153600/125952 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.16386_none_4931fc4f57d0a33f\ehvid.exe (size mismatch) 282112/254464 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-mcspad_31bf3856ad364e35_6.0.6000.16386_none_5f607ee86e4df83f\mcspad.exe (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.0.6001.18000_none_bd697e04219e5a29\ehrecvr.exe (size mismatch) 320000/292352 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.0.6000.16386_none_a33c3cde3f230506\ehsched.exe (size mismatch) 158720/131072 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-errorreportingconsole_31bf3856ad364e35_6.0.6001.18000_none_560d317722e5879b\wercon.exe (size mismatch) 1170944/1143296 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6001.18000_none_2076b21605e43be9\wermgr.exe (size mismatch) 83968/56320 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-eudcedit_31bf3856ad364e35_6.0.6000.16386_none_5761c2a9c2931665\eudcedit.exe (size mismatch) 233472/205824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-eventcollector_31bf3856ad364e35_6.0.6001.18000_none_fb0da2e774b2f589\wecutil.exe (size mismatch) 190976/163328 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-eventcreate_31bf3856ad364e35_6.0.6000.16386_none_d32c0ea842a8cb28\eventcreate.exe (size mismatch) 63488/35840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ehome-ehrec_31bf3856ad364e35_6.0.6001.18000_none_4af391155507e3ac\ehrec.exe (size mismatch) 177664/150016 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (size mismatch) 244736/217088 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFaultSecure.exe (size mismatch) 887808/860160 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.0.6001.18000_none_c0d4359f7cd00788\wevtutil.exe (size mismatch) 190976/163328 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe (size mismatch) 2954752/2927104 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-extrac32_31bf3856ad364e35_6.0.6001.18000_none_db299a9f03e563ae\extrac32.exe (size mismatch) 80896/53248 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.0.6000.16386_none_fe8fe28738714146\comp.exe (size mismatch) 48128/20480 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.0.6000.16386_none_fe8fe28738714146\fc.exe (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.0.6000.16386_none_1756f106286c9d0d\fltMC.exe (size mismatch) 46592/18944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-findstr_31bf3856ad364e35_6.0.6001.18000_none_272f8b6259b4a784\findstr.exe (size mismatch) 89600/61952 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-fontview_31bf3856ad364e35_6.0.6000.16386_none_422d4b43b98bf530\fontview.exe (size mismatch) 51200/23552 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-forfiles_31bf3856ad364e35_6.0.6000.16386_none_52ecada3e09db976\forfiles.exe (size mismatch) 71168/43520 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-fsutil_31bf3856ad364e35_6.0.6001.18000_none_cc641478efec9c31\fsutil.exe (size mismatch) 82944/55296 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ftp_31bf3856ad364e35_6.0.6001.18000_none_aceb5df05889fdb6\ftp.exe (size mismatch) 69632/41984 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.0.6001.18000_none_3b68feffdbf43f81\gpresult.exe (size mismatch) 155648/128000 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.0.6001.18000_none_3b68feffdbf43f81\gpupdate.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-getmac_31bf3856ad364e35_6.0.6001.18000_none_0bfe96baa1fb1269\getmac.exe (size mismatch) 92672/65024 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.0.6000.16386_none_a05162e240c2c82b\grpconv.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-help-client_31bf3856ad364e35_6.0.6001.18000_none_6c1890222e16b0ed\HelpPane.exe (size mismatch) 525824/498176 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe (size mismatch) 134656/107008 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-htmlhelp_31bf3856ad364e35_6.0.6001.18000_none_c855f6b284bc7b14\hh.exe (size mismatch) 42496/14848 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_6.0.6000.16386_none_226909d84c369cba\ImagingDevices.exe (size mismatch) 230400/202752 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.0.6001.18000_none_da73ab3e1517f045\iscsicli.exe (size mismatch) 172032/144384 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_18115de147f37e0a\IMSCPROP.exe (size mismatch) 115200/87552 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.0.6001.18000_none_5983fd8d00f80d0b\IMTCPROP.exe (size mismatch) 382976/355328 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-icm-ui_31bf3856ad364e35_6.0.6001.18000_none_3a58b76aa0cf669e\colorcpl.exe (size mismatch) 112640/84992 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.0.6001.18000_none_32b49f10a5fa315b\icacls.exe (size mismatch) 54784/27136 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe (size mismatch) 135168/107520 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe (size mismatch) 131584/103936 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe (size mismatch) 197120/169472 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe (size mismatch) 94208/66560 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe (size mismatch) 172032/144384 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe (size mismatch) 236032/208384 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe (size mismatch) 73216/45568 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe (size mismatch) 200704/173056 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.0.6001.18000_none_d61a04e87a3248f5\IMCCPHR.exe (size mismatch) 312832/285184 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-infdefaultinstall_31bf3856ad364e35_6.0.6001.18000_none_6c9483bf9c0f69f9\InfDefaultInstall.exe (size mismatch) 39424/11776 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.0.6001.18000_none_498174cc8619e2a5\msiexec.exe (size mismatch) 99328/71680 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036\MuiUnattend.exe (size mismatch) 93696/66048 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.0.6001.18000_none_4c39f10017eea251\ipconfig.exe (size mismatch) 54272/26624 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-irftp_31bf3856ad364e35_6.0.6000.16386_none_54837ef0815687e5\irftp.exe (size mismatch) 193536/165888 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ktmutil_31bf3856ad364e35_6.0.6001.18000_none_8889f81e0128d870\ktmutil.exe (size mismatch) 41472/13824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-label_31bf3856ad364e35_6.0.6000.16386_none_54f849cbcd5d6ed8\label.exe (size mismatch) 41984/14336 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-legacyhwui_31bf3856ad364e35_6.0.6000.16386_none_e03d60674b55d87a\hdwwiz.exe (size mismatch) 108032/80384 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-logon_31bf3856ad364e35_6.0.6001.18000_none_58fb5219c92c4735\logon.scr (size mismatch) 5742080/5714432 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-lpksetup_31bf3856ad364e35_6.0.6001.18000_none_215961096c78771c\lpksetup.exe (size mismatch) 207360/179712 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-lpksetup_31bf3856ad364e35_6.0.6001.18000_none_215961096c78771c\lpremove.exe (size mismatch) 69120/41472 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.0.6001.18000_none_a64a5d325ccb6b78\consent.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.0.6000.16386_none_26af70cfe9c03a50\MdRes.exe (size mismatch) 115712/88064 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.0.6001.18000_none_0f734b1075a23eba\mmc.exe (size mismatch) 1820160/1792512 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.0.6000.16386_none_4219256240cbfb59\odbcad32.exe (size mismatch) 114688/86016 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.0.6000.16386_none_6de684dc59c6d3c0\cliconfg.exe (size mismatch) 69632/40960 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.0.6001.18000_none_93d69c3c79b78449\MdSched.exe (size mismatch) 156160/128512 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.0.6001.18000_none_a38804efa6043f79\ucsvc.exe (size mismatch) 73216/45568 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_6.0.6001.18000_none_c09dd331733760b0\wmprph.exe (size mismatch) 87040/59392 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\attrib.exe (size mismatch) 44032/16384 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\doskey.exe (size mismatch) 43008/15360 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\find.exe (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\print.exe (size mismatch) 41472/13824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\replace.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\subst.exe (size mismatch) 41472/13824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..resentationsettings_31bf3856ad364e35_6.0.6001.18000_none_6d275aaa036a1d6f\PresentationSettings.exe (size mismatch) 187904/160256 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.0.6000.16386_none_0b401880f532252e\odbcconf.exe (size mismatch) 61440/32768 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe (size mismatch) 424960/397312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-makecab_31bf3856ad364e35_6.0.6001.18000_none_f0cf81e6693ed8de\makecab.exe (size mismatch) 125952/98304 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..yer-sideshow-gadget_31bf3856ad364e35_6.0.6001.18000_none_2829a2edaef220ed\WMPSideShowGadget.exe (size mismatch) 257024/229376 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-magnify_31bf3856ad364e35_6.0.6000.16386_none_6bf715709bc4ceef\Magnify.exe (size mismatch) 737792/710144 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mail-sideshow-gadget_31bf3856ad364e35_6.0.6001.18000_none_bee072cd201a5a3d\WindowsMailGadget.exe (size mismatch) 196096/168448 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mapi_31bf3856ad364e35_6.0.6000.16386_none_a9167f531cd49e51\fixmapi.exe (size mismatch) 41472/13824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\mfpmp.exe (size mismatch) 52224/24576 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\rrinstaller.exe (size mismatch) 80896/53248 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_6.0.6001.18000_none_1afab09e3ffabfdd\wmlaunch.exe (size mismatch) 266240/238592 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.18000_none_eb408c37c208d81f\logagent.exe (size mismatch) 122368/94720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18000_none_adf3c981d68ad9ed\unregmp2.exe (size mismatch) 338432/310784 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmpenc_31bf3856ad364e35_6.0.6000.16386_none_a1ed725e2af09684\wmpenc.exe (size mismatch) 51200/23552 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.0.6001.18000_none_58a7d7b2db3ffcd4\mighost.exe (size mismatch) 286208/258560 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.0.6001.18000_none_5a99f4da0b4319f4\mblctr.exe (size mismatch) 966656/939008 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\wmpconfig.exe (size mismatch) 135168/107520 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\wmplayer.exe (size mismatch) 196608/168960 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18000_none_0b69c31f4f19b995\wmpshare.exe (size mismatch) 135168/107520 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mobsyncexe_31bf3856ad364e35_6.0.6001.18000_none_ef50d98e54551dfd\mobsync.exe (size mismatch) 123392/95744 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mountvol_31bf3856ad364e35_6.0.6001.18000_none_b259796d51734c02\mountvol.exe (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18000_none_f261ec400d1da6d8\MOVIEMK.exe (size mismatch) 177664/150016 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\auditpol.exe (size mismatch) 69120/41472 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.0.6001.18000_none_da7a3e839dc01091\msconfig.exe (size mismatch) 255488/227840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-msdt_31bf3856ad364e35_6.0.6001.18000_none_a58261f31d86797e\msdt.exe (size mismatch) 189952/162304 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.0.6001.18000_none_8644ff1aeae0de50\msinfo32.exe (size mismatch) 435712/408064 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.0.6001.18000_none_abdc66d6f9ae4938\msinfo32.exe (size mismatch) 435712/408064 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mspaint_31bf3856ad364e35_6.0.6001.18000_none_8e1d86a4ee91b91a\mspaint.exe (size mismatch) 513024/485376 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-mystify_31bf3856ad364e35_6.0.6001.18000_none_f0119b125f5d44fd\Mystify.scr (size mismatch) 248832/221184 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.0.6001.18000_none_3d9b042027fd390a\NAPSTAT.EXE (size mismatch) 294912/267264 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-nbtstat_31bf3856ad364e35_6.0.6001.18000_none_9e1084721e5ef25a\nbtstat.exe (size mismatch) 43008/15360 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\net.exe (size mismatch) 75776/48128 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_86dbf37154932a4e\net1.exe (size mismatch) 186368/158720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbtugc.exe (size mismatch) 49152/21504 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6001.18000_none_102edbb851798715\netcfg.exe (size mismatch) 53248/25600 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.0.6001.18000_none_ed56b4c61061e91c\Netplwiz.exe (size mismatch) 53248/25600 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-netsh_31bf3856ad364e35_6.0.6000.16386_none_5d6a3441faedc17e\netsh.exe (size mismatch) 125952/98304 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeunattend.exe (size mismatch) 43008/15360 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-networkprojection_31bf3856ad364e35_6.0.6001.18000_none_e3c78331f0bd2d51\NetProj.exe (size mismatch) 117248/89600 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6001.18000_none_11764b5450a917b3\newdev.exe (size mismatch) 102400/74752 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-notepadwin_31bf3856ad364e35_6.0.6001.18000_none_42c9ccdefb0d0dc9\notepad.exe (size mismatch) 178688/151040 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-notepad_31bf3856ad364e35_6.0.6001.18000_none_6f1a8d7b6fffbb73\notepad.exe (size mismatch) 178688/151040 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-nslookup_31bf3856ad364e35_6.0.6001.18000_none_cb8073f066728e85\nslookup.exe (size mismatch) 110592/82944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\csrstub.exe (size mismatch) 73728/46080 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\ntvdm.exe (size mismatch) 548352/520704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-openfiles_31bf3856ad364e35_6.0.6000.16386_none_e4efa504ed79192f\openfiles.exe (size mismatch) 90624/62976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-optionaltsps_31bf3856ad364e35_6.0.6000.16386_none_dfc57c48cbf7b6e2\tcmsetup.exe (size mismatch) 40448/12800 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.0.6001.18000_none_e37d31f65f47c773\ocsetup.exe (size mismatch) 63488/35840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.0.6001.18000_none_6666fa49edaef003\OptionalFeatures.exe (size mismatch) 124928/97280 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-osk_31bf3856ad364e35_6.0.6000.16386_none_a88611705d03a0ad\osk.exe (size mismatch) 209920/182272 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.0.6001.18000_none_d6543f9ff5ec4aec\printui.exe (size mismatch) 88064/60416 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.0.6001.18000_none_1a0c9c3bb4d854e8\mcbuilder.exe (size mismatch) 303616/275968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\iashost.exe (size mismatch) 45056/17408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-o..calmediadisc-wizard_31bf3856ad364e35_6.0.6001.18000_none_1a8bb8d447e4ec1f\DVDMaker.exe (size mismatch) 1990656/1963008 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\diskperf.exe (size mismatch) 45056/17408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\logman.exe (size mismatch) 83968/56320 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\relog.exe (size mismatch) 65024/37376 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\tracerpt.exe (size mismatch) 365056/337408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6001.18000_none_61237ad0fed51e58\typeperf.exe (size mismatch) 67584/39936 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.0.6000.16386_none_0724f63b83d41394\powercfg.exe (size mismatch) 91648/64000 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18000_none_2bad9989db66dd67\printfilterpipelinesvc.exe (size mismatch) 693760/666112 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..ontrolsnotification_31bf3856ad364e35_6.0.6000.16386_none_e5b0086586301ce6\wpcumi.exe (size mismatch) 203776/176128 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6001.18000_none_f0037a3c7d6c36a4\ntprint.exe (size mismatch) 89088/61440 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..sexemptionrequestor_31bf3856ad364e35_6.0.6000.16386_none_4712cc634ea4b26a\wpcer.exe (size mismatch) 46592/18944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\plasrv.exe (size mismatch) 35328/7680 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..tomizationsnonwinpe_31bf3856ad364e35_6.0.6001.18000_none_cbcee9638f36c1e4\PnPUnattend.exe (size mismatch) 86016/58368 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\lodctr.exe (size mismatch) 68096/40448 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6001.18000_none_7185fd57fee6c971\unlodctr.exe (size mismatch) 61440/33792 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.0.6001.18000_none_ecd7c41bf34445a7\PkgMgr.exe (size mismatch) 158208/130560 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-peertopeercollab_31bf3856ad364e35_6.0.6001.18000_none_97354e832d228b4c\p2phost.exe (size mismatch) 219648/192000 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6001.18000_none_9c09be2ba0f3f010\perfmon.exe (size mismatch) 147968/120320 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-photolibrary_31bf3856ad364e35_6.0.6000.16386_none_5fc28c0e19044691\WindowsPhotoGallery.exe (size mismatch) 166400/138752 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6001.18000_none_6bce7ed85875ff89\PhotoScreensaver.scr (size mismatch) 732160/704512 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.0.6000.16386_none_e6aa6f8d4dd35dff\DeviceEject.exe (size mismatch) 53248/25600 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PATHPING.EXE (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\PING.EXE (size mismatch) 43008/15360 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ping-utilities_31bf3856ad364e35_6.0.6001.18000_none_a931a5078fdac855\TRACERT.EXE (size mismatch) 39936/12288 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-pnputil_31bf3856ad364e35_6.0.6001.18000_none_fd63c291bc87866e\PnPutil.exe (size mismatch) 60416/32768 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe (size mismatch) 55296/27648 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_6.0.6001.18000_none_319433fd2aaf78e5\reg.exe (size mismatch) 88064/60416 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-r..bilityanalysisagent_31bf3856ad364e35_6.0.6001.18000_none_26c0a2eaa039cb7f\RacAgent.exe (size mismatch) 48128/20480 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.0.6001.18000_none_5b11a3037d624890\rdrleakdiag.exe (size mismatch) 57856/30208 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.0.6001.18000_none_2ff39ff37592ad4f\raserver.exe (size mismatch) 189440/161792 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasautou.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasdial.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasclienttools_31bf3856ad364e35_6.0.6001.18000_none_6f46cfc8a8b142a0\rasphone.exe (size mismatch) 67072/39424 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmdl32.exe (size mismatch) 100352/72704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmmon32.exe (size mismatch) 76288/48640 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_5f203f7160858cef\cmstp.exe (size mismatch) 112640/84992 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.0.6000.16386_none_76205b553298875e\regsvr32.exe (size mismatch) 41984/14336 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-recdisc-main_31bf3856ad364e35_6.0.6001.18000_none_847bfa71b3a145b1\recdisc.exe (size mismatch) 220672/193024 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-recover_31bf3856ad364e35_6.0.6000.16386_none_83dc8bd2b7afee9e\recover.exe (size mismatch) 39424/11776 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-regini_31bf3856ad364e35_6.0.6001.18000_none_0c563c6eb9d0e37e\regini.exe (size mismatch) 71680/44032 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe (size mismatch) 162304/134656 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedt32.exe (size mismatch) 36864/9216 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-reliability-postboot_31bf3856ad364e35_6.0.6000.16386_none_4b8a0e360867c939\RelPost.exe (size mismatch) 167936/140288 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\msra.exe (size mismatch) 492544/464896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.0.6001.18000_none_3758172c01e5ce47\sdchange.exe (size mismatch) 110592/82944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6001.18000_none_803567cb241e9c20\RmClient.exe (size mismatch) 42496/14848 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ribbons_31bf3856ad364e35_6.0.6001.18000_none_88b4e40227fbeb47\Ribbons.scr (size mismatch) 248320/220672 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-robocopy_31bf3856ad364e35_6.0.6001.18000_none_c7072f80ec643cb9\Robocopy.exe (size mismatch) 115200/87552 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rpc-locator_31bf3856ad364e35_6.0.6000.16386_none_ccfdd130eface46c\Locator.exe (size mismatch) 35328/7680 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rpc-ping_31bf3856ad364e35_6.0.6001.18000_none_9dba0e1040b883d8\RpcPing.exe (size mismatch) 62464/34816 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-runas_31bf3856ad364e35_6.0.6000.16386_none_5db18748608251d3\runas.exe (size mismatch) 44544/16896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe (size mismatch) 72192/44544 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_6.0.6000.16386_none_0ed54d21f861c4c1\RunLegacyCPLElevated.exe (size mismatch) 85504/57856 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-runonce_31bf3856ad364e35_6.0.6001.18000_none_15bad49cbf07f200\runonce.exe (size mismatch) 66048/38400 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18000_none_f516cf88fe6ee045\RMActivate_ssp_isv.exe (size mismatch) 374272/346624 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.0.6000.16386_none_c7aca7a727ae5f8e\SystemPropertiesDataExecutionPrevention.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6001.18000_none_17d3c60709ecb009\dfrgifc.exe (size mismatch) 86528/58880 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..line-user-interface_31bf3856ad364e35_6.0.6000.16386_none_dab0b0c8dfecf279\cmdkey.exe (size mismatch) 41472/13824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_6.0.6000.16386_none_7237791cd7c1a1bc\sc.exe (size mismatch) 59392/31744 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.0.6000.16386_none_f511c5dbe75b5b10\SystemPropertiesAdvanced.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.0.6000.16386_none_3ec3c343d60f49b4\SystemPropertiesHardware.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18000_none_e951ddfeefa9b62b\RMActivate_isv.exe (size mismatch) 551424/523776 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.0.6000.16386_none_589feb3405ef2c5a\SystemPropertiesPerformance.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18000_none_6fbebf8e6411cf8a\RMActivate_ssp.exe (size mismatch) 374784/347136 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.0.6001.18000_none_7544b1278bb6c798\fveupdate.exe (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.0.6000.16386_none_2e3c70553f52ed2a\SystemPropertiesComputerName.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.0.6000.16386_none_617b94d21f98a2cd\SystemPropertiesProtection.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18000_none_a0f56f6331781dea\RMActivate.exe (size mismatch) 538624/510976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6001.18000_none_8a77ef16b537c01e\SLLUA.exe (size mismatch) 214016/186368 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-s..ty-licensing-slc-ux_31bf3856ad364e35_6.0.6001.18000_none_8a77ef16b537c01e\SLUI.exe (size mismatch) 381952/354304 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-safedocs-main_31bf3856ad364e35_6.0.6001.18000_none_2509bc4c66c893cc\sdclt.exe (size mismatch) 1197056/1169408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18000_none_486853160059f17b\cscript.exe (size mismatch) 167936/139264 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18000_none_486853160059f17b\wscript.exe (size mismatch) 184320/155648 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-scrnsave_31bf3856ad364e35_6.0.6000.16386_none_df08df07dd79c713\scrnsave.scr (size mismatch) 37888/10240 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sctasks_31bf3856ad364e35_6.0.6001.18000_none_8a3f7793b5565a80\schtasks.exe (size mismatch) 179200/151552 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-secinit_31bf3856ad364e35_6.0.6000.16386_none_85812e7bd013283b\secinit.exe (size mismatch) 42496/14848 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-security-secedit_31bf3856ad364e35_6.0.6001.18000_none_aee72e1ab1be8da4\SecEdit.exe (size mismatch) 62976/35328 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-security-syskey_31bf3856ad364e35_6.0.6001.18000_none_186298e2258219d5\syskey.exe (size mismatch) 55296/27648 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.0.6001.18000_none_e1e6e80246adfe72\UI0Detect.exe (size mismatch) 63488/35840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sethc_31bf3856ad364e35_6.0.6001.18000_none_62c03ef9751b4e51\sethc.exe (size mismatch) 654336/626688 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\audit.exe (size mismatch) 80384/52736 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\oobeldr.exe (size mismatch) 70144/42496 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\sysprep.exe (size mismatch) 122368/94720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6001.18000_none_322c7e4ead424897\windeploy.exe (size mismatch) 90624/62976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-upgrade_31bf3856ad364e35_6.0.6001.18000_none_835bc958e2b02c18\lnkstub.exe (size mismatch) 68096/40448 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setx_31bf3856ad364e35_6.0.6000.16386_none_aa4013d31c25521a\setx.exe (size mismatch) 73728/46080 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\icsunattend.exe (size mismatch) 41472/13824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.0.6001.18000_none_b81d34d8318ab2de\shrpubw.exe (size mismatch) 423936/396288 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.0.6001.18000_none_433d652300dea5df\prevhost.exe (size mismatch) 53760/26112 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.0.6001.18000_none_02d417b0c7f7f7ee\shutdown.exe (size mismatch) 57344/29696 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\sbunattend.exe (size mismatch) 39424/11776 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sidebar_31bf3856ad364e35_6.0.6001.18000_none_cedcabbd26a81ad6\sidebar.exe (size mismatch) 1261568/1233920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sigverif_31bf3856ad364e35_6.0.6000.16386_none_b962c260fe7391d7\sigverif.exe (size mismatch) 95232/67584 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.0.6001.18000_none_cf8afedd3f67da88\snmptrap.exe (size mismatch) 40448/12800 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sort_31bf3856ad364e35_6.0.6000.16386_none_a98761571c97d992\sort.exe (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-soundrecorder_31bf3856ad364e35_6.0.6001.18000_none_9f0945a332e359bf\SoundRecorder.exe (size mismatch) 155136/127488 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sqm-consolidator-base_31bf3856ad364e35_6.0.6001.18000_none_d43f6be9619719bf\wsqmcons.exe (size mismatch) 219648/192000 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ssbranded_31bf3856ad364e35_6.0.6001.18000_none_388afdb9078c6894\ssBranded.scr (size mismatch) 8166912/8139264 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.0.6001.18000_none_0438b87e5f9c33e2\ssText3d.scr (size mismatch) 322560/294912 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-speechcommonnoia64_31bf3856ad364e35_6.0.6001.18000_none_02a986ffc3902d6c\sapisvr.exe (size mismatch) 77312/49664 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.0.6001.18000_none_ae4c9c1c57a3bb3a\sxstrace.exe (size mismatch) 54784/27136 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-sysinfo_31bf3856ad364e35_6.0.6001.18000_none_ef54b11af88ecd85\systeminfo.exe (size mismatch) 103936/76288 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.0.6000.16386_none_929e808d0ee289c4\SystemPropertiesRemote.exe (size mismatch) 109568/81920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18000_none_46dfcfe7b33efe29\rstrui.exe (size mismatch) 346112/318464 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-systray_31bf3856ad364e35_6.0.6000.16386_none_f11abad6f91f0289\systray.exe (size mismatch) 35840/8192 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipanel.exe (size mismatch) 34304/6656 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe (size mismatch) 36352/8704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18000_none_4ddc4d9521178ffe\mstsc.exe (size mismatch) 705536/677888 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.0.6001.18000_none_4ddc4d9521178ffe\tscupgrd.exe (size mismatch) 91136/63488 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.0.6001.18000_none_d1104c78dccde5fe\wisptis.exe (size mismatch) 271872/244224 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.0.6001.18000_none_df7372285af14383\tabcal.exe (size mismatch) 89600/61952 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-takeown_31bf3856ad364e35_6.0.6001.18000_none_f9eb65ca159e19fb\takeown.exe (size mismatch) 79360/51712 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tasklist_31bf3856ad364e35_6.0.6001.18000_none_284332315a51a48f\tasklist.exe (size mismatch) 108544/80896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.18000_none_618595dc8f59aab8\netiougc.exe (size mismatch) 50176/22528 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-terminalservices-theme_31bf3856ad364e35_6.0.6001.18000_none_d5e60fdc7acf56c4\TSTheme.exe (size mismatch) 69632/41984 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tapicore_31bf3856ad364e35_6.0.6000.16386_none_e203168e49ab8983\dialer.exe (size mismatch) 58880/31232 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.0.6001.18000_none_69f32ac39b2a05e1\TapiUnattend.exe (size mismatch) 38400/10752 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-taskkill_31bf3856ad364e35_6.0.6001.18000_none_257dff055c108bff\taskkill.exe (size mismatch) 106496/78848 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.0.6001.18000_none_14622f2da933f0c7\taskmgr.exe (size mismatch) 191488/163840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\ARP.EXE (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\finger.exe (size mismatch) 37888/10240 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\HOSTNAME.EXE (size mismatch) 36352/8704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\MRINFO.EXE (size mismatch) 38912/11264 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\NETSTAT.EXE (size mismatch) 54784/27136 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\ROUTE.EXE (size mismatch) 45568/17920 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18000_none_32c6f3aa4ede22b3\TCPSVCS.EXE (size mismatch) 37376/9728 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-time-tool_31bf3856ad364e35_6.0.6001.18000_none_ed091b563bee7a06\w32tm.exe (size mismatch) 92672/65024 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-timeout_31bf3856ad364e35_6.0.6000.16386_none_8a2daac4c959a079\timeout.exe (size mismatch) 55808/28160 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6001.18000_none_777d16eedf412426\TpmInit.exe (size mismatch) 114176/86528 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6001.18000_none_910d33844d26b5fb\cbsra.exe (size mismatch) 71680/44032 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6001.18000_none_910d33844d26b5fb\TrustedInstaller.exe (size mismatch) 67072/39424 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-unattendedjoin_31bf3856ad364e35_6.0.6001.18000_none_b314e49f6cd49e2c\unattendedjoin.exe (size mismatch) 55808/28160 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnpcont.exe (size mismatch) 50176/22528 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe (size mismatch) 52736/25088 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-utilman_31bf3856ad364e35_6.0.6001.18000_none_02a9afef313d4ed2\Utilman.exe (size mismatch) 666624/638976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-v..ck-uninstallremoval_31bf3856ad364e35_6.0.6001.18000_none_8064f7c7dbb86280\vsp1cln.exe (size mismatch) 627200/599552 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-verclsid_31bf3856ad364e35_6.0.6000.16386_none_b9b00f3a16893b4c\verclsid.exe (size mismatch) 36864/9216 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.0.6001.18000_none_6aead29ffaae9c39\vds.exe (size mismatch) 410624/382976 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.0.6001.18000_none_6aead29ffaae9c39\vdsldr.exe (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-vistasp1ceip_31bf3856ad364e35_6.0.6001.18000_none_1e7ab8a6aee223ea\vsp1ceip.exe (size mismatch) 202752/175104 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-vssadmin_31bf3856ad364e35_6.0.6001.18000_none_c47d557031a3a859\vssadmin.exe (size mismatch) 121344/93696 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.0.6001.18000_none_5accce7717d773c7\VSSVC.exe (size mismatch) 1082368/1054720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..etwork-setup-wizard_31bf3856ad364e35_6.0.6001.18000_none_94dd2b64446742ed\setupSNK.exe (size mismatch) 40960/13312 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6001.18000_none_ca65755fad07cc55\WSManHTTPConfig.exe (size mismatch) 58368/30720 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.0.6000.16386_none_86fb724c5f4594fa\twunk_32.exe (size mismatch) 58880/31232 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_6.0.6001.18000_none_a1a9d55eccd6f21b\WMIC.exe (size mismatch) 653312/625664 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe (size mismatch) 61440/33792 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.0.6001.18000_none_cef47f55854b9614\wiaacmgr.exe (size mismatch) 115712/88064 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-w..ystemassessmenttool_31bf3856ad364e35_6.0.6001.18000_none_7b94f7d8b759f8fa\WinSAT.exe (size mismatch) 3244544/3216896 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d7929e62\wab.exe (size mismatch) 543744/516096 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wab-app_31bf3856ad364e35_6.0.6001.18000_none_42a95d80d7929e62\wabmig.exe (size mismatch) 93696/66048 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-waitfor_31bf3856ad364e35_6.0.6001.18000_none_b665b5e17b3398e8\waitfor.exe (size mismatch) 62464/34816 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.0.6000.16386_none_5b9c7723e13f8233\where.exe (size mismatch) 64000/36352 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-whoami_31bf3856ad364e35_6.0.6000.16386_none_cc45bc5a84eb17ed\whoami.exe (size mismatch) 71168/43520 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-windowsanytimeupgrade_31bf3856ad364e35_6.0.6001.18000_none_1cc9bf4b19ce0f40\WindowsAnytimeUpgrade.exe (size mismatch) 245760/218112 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-winver_31bf3856ad364e35_6.0.6000.16386_none_b41abc409f8dc8bb\winver.exe (size mismatch) 36352/8704 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.0.6000.16386_none_26cf4c5d0c7bc0fd\winhlp32.exe (size mismatch) 36864/9216 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685\mpnotify.exe (size mismatch) 41984/14336 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-winlogon-tools_31bf3856ad364e35_6.0.6000.16386_none_923cb7d99010c685\wlrmdr.exe (size mismatch) 61952/34304 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.0.6001.18000_none_1636766731a74faf\winrs.exe (size mismatch) 61440/33792 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-winrsplugins_31bf3856ad364e35_6.0.6001.18000_none_1636766731a74faf\winrshost.exe (size mismatch) 49664/22016 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wlan-extension_31bf3856ad364e35_6.0.6001.18000_none_f9e32f2e235988fc\wlanext.exe (size mismatch) 101888/74240 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WinMgmt.exe (size mismatch) 105472/77824 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-consumers_31bf3856ad364e35_6.0.6001.18000_none_4ad2276858e160c5\scrcons.exe (size mismatch) 68608/40960 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\mofcomp.exe (size mismatch) 47616/19968 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\unsecapp.exe (size mismatch) 65536/37888 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WMIADAP.exe (size mismatch) 144896/117248 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WmiApSrv.exe (size mismatch) 165376/137728 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-tools_31bf3856ad364e35_6.0.6001.18000_none_d7fb69e1839f6663\wbemtest.exe (size mismatch) 201728/174080 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.0.6001.18000_none_0386cbd2ce93a16e\wmpnetwk.exe (size mismatch) 924160/896512 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.0.6001.18000_none_b7c4c310b976a07a\wmpnscfg.exe (size mismatch) 229888/202240 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wordpad_31bf3856ad364e35_6.0.6001.18000_none_2dba79336ce584c1\wordpad.exe (size mismatch) 365056/337408 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.0.6001.18000_none_1128ecaac6c9b265\WPDShextAutoplay.exe (size mismatch) 57856/30208 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-write_31bf3856ad364e35_6.0.6000.16386_none_5d4c1033e02ccc7b\write.exe (size mismatch) 36864/9216 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-xcopy_31bf3856ad364e35_6.0.6001.18000_none_62f5aaa8f44c3f7b\xcopy.exe (size mismatch) 64512/36864 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.0.6001.18000_none_2b3ecd3ceb4631c5\sfc.exe (size mismatch) 43520/15872 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wusa_31bf3856ad364e35_6.0.6001.18000_none_ad00917d189cdb2c\wusa.exe (size mismatch) 167424/139776 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.0.6001.18000_none_f396b6f28ea6e017\CertEnrollCtrl.exe (size mismatch) 34304/6656 bytes executable File C:\Windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.0.6001.18111_none_813401fbb13760d3\MSBuild.exe (size mismatch) 98304/69632 bytes executable File C:\Windows\winsxs\x86_narrator-nonmsil_31bf3856ad364e35_6.0.6000.16386_none_2b06fe75c7fd62d3\Narrator.exe (size mismatch) 1019904/991232 bytes executable File C:\Windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.0.6001.18000_none_0a7986d9b92aa27a\FirewallControlPanel.exe (size mismatch) 2612736/2585088 bytes executable File C:\Windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.0.6001.18000_none_0a7986d9b92aa27a\FirewallSettings.exe (size mismatch) 291328/263680 bytes executable File C:\Windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6001.18111_none_17150e011584125a\RegAsm.exe (size mismatch) 81920/53248 bytes executable File C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.18111_none_ea3038a767f70b0a\RegSvcs.exe (size mismatch) 61440/32768 bytes executable File C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe (size mismatch) 104448/76800 bytes executable File C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchProtocolHost.exe (size mismatch) 206848/179200 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe (size mismatch) 160256/132608 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe (size mismatch) 137216/109568 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe (size mismatch) 283648/256000 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_15475676099210e3\tzupd.exe (size mismatch) 46592/18944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe (size mismatch) 153600/125952 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe (size mismatch) 143360/115712 bytes executable File C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18111_none_a7d4e192d776d4a4\jsc.exe (size mismatch) 69632/40960 bytes executable File C:\Windows\winsxs\msil_ieexec_b03f5f7f11d50a3a_6.0.6001.18111_none_7ee129e207ac66dd\IEExec.exe (size mismatch) 37376/9728 bytes executable File C:\Windows\winsxs\msil_loadmxf_31bf3856ad364e35_6.0.6000.16386_none_3680cce6f2360fe7\loadmxf.exe (size mismatch) 147456/118784 bytes executable File C:\Windows\winsxs\x86_wpf-terminalserverwpfwrapperexe_31bf3856ad364e35_6.0.6001.18000_none_245f3f8acb9f83ce\TsWpfWrp.exe (size mismatch) 57344/28672 bytes executable ---- EOF - GMER 1.0.15 ----