GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-24 06:40:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: m57g1hli.exe; Driver: C:\Users\Szymi\AppData\Local\Temp\uwddykow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003203000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff8000320302f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...] .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88004516d64 12 bytes {MOV RAX, 0xfffffa8006f312a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1456] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1972] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Windows\system32\taskeng.exe[1680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8dedc88 5 bytes JMP 000007fff8dc00d8 .text C:\Windows\system32\Dwm.exe[1692] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8dede10 5 bytes JMP 000007fff8dc0110 .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071c91a22 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071c91ad0 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071c91b08 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071c91bba 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071c91bda 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Windows\SysWOW64\lkcitdl.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071c91a22 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071c91ad0 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071c91b08 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071c91bba 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071c91bda 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Windows\SysWOW64\lkads.exe[2336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071c91a22 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071c91ad0 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071c91b08 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071c91bba 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071c91bda 2 bytes [C9, 71] .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Windows\SysWOW64\lktsrv.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\MAX\nimxs.exe[2388] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\MAX\nimxs.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\MAX\nimxs.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[2472] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe[2496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[2768] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\SolidWorks Corp\SolidWorks Workgroup PDM\Vault\pdmwService.exe[2816] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\SolidWorks Corp\SolidWorks Workgroup PDM\Vault\pdmwService.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\SolidWorks Corp\SolidWorks Workgroup PDM\Vault\pdmwService.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2948] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 00000000710513c6 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 00000000710513f6 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 00000000710514ad 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 00000000710514db 2 bytes [05, 71] .text ... * 2 .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000071051577 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 00000000710515d7 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000071051794 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 00000000710518c1 2 bytes [05, 71] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Windows\SysWOW64\vmnat.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe[2732] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Windows\SysWOW64\vmnetdhcp.exe[3192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\SysWOW64\vmnetdhcp.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Windows\SysWOW64\vmnetdhcp.exe[3192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe[3288] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[3328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[3364] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Windows\system32\taskeng.exe[3500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3424] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3424] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3424] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3424] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3424] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3820] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3904] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Windows\System32\igfxpers.exe[4132] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076b587b1 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[4312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Users\Szymi\AppData\Roaming\WebCake\WebCakeDesktop.exe[4420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4512] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe[4544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[4568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5036] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Windows\SysWOW64\RunDll32.exe[1416] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Windows\SysWOW64\RunDll32.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Windows\SysWOW64\RunDll32.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b7efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077ba99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077bb94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077bb9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bda500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefddb3460 7 bytes JMP 000007fffdda00d8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefddb9940 6 bytes JMP 000007fffdda0148 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefddb9fb0 5 bytes JMP 000007fffdda0180 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddba150 5 bytes JMP 000007fffdda0110 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffd489e0 8 bytes JMP 000007fffdda01f0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffd4be40 8 bytes JMP 000007fffdda01b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffb57490 11 bytes JMP 000007fffdda0228 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5020] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffb6bf00 7 bytes JMP 000007fffdda0260 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5872] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4256] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4624] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[5268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe[5268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b61429 7 bytes JMP 0000000171fd12ad .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b7b223 5 bytes JMP 0000000171fd15be .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bf88f4 7 bytes JMP 0000000171fd1357 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bf8979 5 bytes JMP 0000000171fd16e0 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bf8ccf 5 bytes JMP 0000000171fd1028 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077621d1b 5 bytes JMP 0000000171fd11ef .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077621dc9 5 bytes JMP 0000000171fd1023 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077622aa4 5 bytes JMP 0000000171fd156e .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077622d0a 5 bytes JMP 0000000171fd1294 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a2e9a2 5 bytes JMP 0000000171fd15d7 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a2ebdc 5 bytes JMP 0000000171fd11b8 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075908a29 5 bytes JMP 0000000171fd1050 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075914572 5 bytes JMP 0000000171fd10d2 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007592cfca 5 bytes JMP 0000000172d74970 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077855ea5 5 bytes JMP 0000000171fd1609 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077889d0b 5 bytes JMP 0000000171fd1249 .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077081465 2 bytes [08, 77] .text C:\Users\Szymi\Downloads\gm\m57g1hli.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770814bb 2 bytes [08, 77] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff8800111d5b0] \SystemRoot\System32\Drivers\sphw.sys [unknown section] IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff8800111d53c] \SystemRoot\System32\Drivers\sphw.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010e235c] \SystemRoot\System32\Drivers\sphw.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010e2224] \SystemRoot\System32\Drivers\sphw.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010e2a24] \SystemRoot\System32\Drivers\sphw.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010e2ba0] \SystemRoot\System32\Drivers\sphw.sys [unknown section] ---- Devices - GMER 2.1 ---- Device \Driver\a1gxm1ws \Device\Scsi\a1gxm1ws1Port1Path0Target0Lun0 fffffa80071322c0 Device \Driver\a1gxm1ws \Device\Scsi\a1gxm1ws1 fffffa80071322c0 Device \FileSystem\Ntfs \Ntfs fffffa8004cf92c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D7F30CDD-5B72-4E4E-9CB4-2A284AC275CB} fffffa8006cc92c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8006f9d2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800514b2c0 Device \Driver\cdrom \Device\CdRom1 fffffa800514b2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2C42D4E8-4459-4309-AD64-8EE845D63549} fffffa8006cc92c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8006f9d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{5E0C87BA-C362-401F-9FBC-892530E94A94} fffffa8006cc92c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8006f9d2c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8004ced2c0 Device \Driver\volmgr \Device\FtControl fffffa8004ced2c0 Device \Driver\volmgr \Device\VolMgrControl fffffa8004ced2c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8004ced2c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8004ced2c0 Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8004ced2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{3D1FDF90-5959-4DC7-AC76-0E5BFC837012} fffffa8006cc92c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B694D191-EB31-4D7E-A481-C671849A3518} fffffa8006cc92c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006cc92c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8006f9d2c0 Device \Driver\a1gxm1ws \Device\ScsiPort1 fffffa80071322c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{66F5379B-BACB-4827-B75F-06E9842BA7FA} fffffa8006cc92c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a1gxm1ws.SYS fffff88004568000-fffff880045ac000 (278528 bytes) ---- Threads - GMER 2.1 ---- Thread [3636:3836] 00000000717e786a Thread [3636:3896] 000000006ddd27e1 Thread [3636:3920] 0000000077e93e45 Thread [3636:3952] 0000000077e92e25 Thread [3636:4052] 00000000720827c1 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4552:5500] 000007fefbdd2a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb115d31b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1d33403 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749fd6eb8d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749fd6eb8d@bc47601ccc3f 0x30 0xB4 0x8B 0x6F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x61 0x09 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0x7C 0x9C 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x5B 0x8B 0x79 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb115d31b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1d33403 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749fd6eb8d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749fd6eb8d@bc47601ccc3f 0x30 0xB4 0x8B 0x6F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x61 0x09 0x83 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0x7C 0x9C 0x21 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x5B 0x8B 0x79 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui 41472 bytes executable File C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui 17920 bytes executable File C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui 53248 bytes executable ---- EOF - GMER 2.1 ----