GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-23 20:15:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000096 ATA_____ rev.1.5_ 59,63GB Running: b8gzhb63.exe; Driver: C:\USERS\USER\APPDATA\LOCAL\TEMP\fgddypob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800041b4000 45 bytes [00, 00, 51, 02, 54, 68, 72, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800041b402f 16 bytes [00, 03, 00, 00, 00, 00, 00, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000104000 7 bytes [80, 93, F3, FF, 01, 9D, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000104008 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe[2340] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2524] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2524] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072f91a22 2 bytes [F9, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072f91ad0 2 bytes [F9, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072f91b08 2 bytes [F9, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072f91bba 2 bytes [F9, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072f91bda 2 bytes [F9, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe[3596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe[3596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[4068] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaMonitor\mrmonitor.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files 
(x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[4636] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 
0000000171b51433 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\ArcSoft\TotalMedia 
3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 
.text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 
.text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\irPC\irPC.exe[5264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text 
C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\MSI 
Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\MSI Afterburner\RemoteServer\MSIAfterburnerRemoteServer.exe[5284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files 
(x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\popup.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\ole32.DLL!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes 
[DC, 75] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] 
C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5564] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 
0000000171b511cc .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe[6960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 
0000000171b515c8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] 
C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1672] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... 
* 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe[5248] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075dc1465 2 bytes [DC, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe[5248] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075dc14bb 2 bytes [DC, 75] .text ... * 2 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a21f2e 7 bytes JMP 0000000171b516b3 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a25bcd 7 bytes JMP 0000000171b511cc .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a31429 7 bytes JMP 0000000171b512a8 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a3ea5d 7 bytes JMP 0000000171b51262 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075a4b223 5 bytes JMP 0000000171b515c8 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ac88f4 7 bytes JMP 0000000171b51357 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ac8979 5 bytes JMP 0000000171b516f4 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ac8ccf 5 bytes JMP 0000000171b5101e .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000778b1d1b 5 bytes JMP 0000000171b511e5 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000778b1dc9 5 bytes JMP 0000000171b51019 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000778b2aa4 5 bytes JMP 0000000171b51573 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000778b2d0a 5 bytes JMP 0000000171b5128f .text 
F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007653e9a2 5 bytes JMP 0000000171b515e1 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007653ebdc 5 bytes JMP 0000000171b511a9 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c78a29 5 bytes JMP 0000000171b51046 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c84572 5 bytes JMP 0000000171b510c8 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c9e567 5 bytes JMP 0000000171b51433 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cd7a5c 5 bytes JMP 0000000171b515f0 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075825ea5 5 bytes JMP 0000000171b51618 .text F:\!Download\b8gzhb63.exe[8072] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075859d0b 5 bytes JMP 0000000171b5123f ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [504:6264] 000007fef84d2a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0x89 0x61 0xA9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x88 0x89 0x61 0xA9 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0BBA6F-FB80-DE61-9D15-8B4E0DBA2A10} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0BBA6F-FB80-DE61-9D15-8B4E0DBA2A10}@hankmehfipmfkaeg 0x64 0x62 0x69 0x6C ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A0BBA6F-FB80-DE61-9D15-8B4E0DBA2A10}@jaalpejkfokefnbboeme 0x64 0x62 0x68 0x6F ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@F:\g\Far Cry® 3 Blood Dragon\setup.exe 1 ---- EOF - GMER 2.1 ----