GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-04 02:47:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer.exe; Driver: C:\Users\Vicky\AppData\Local\Temp\pxlcrpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\PROGRAM FILES\NVIDIA CORPORATION\DISPLAY\NVXDSYNC.EXE[1464] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2056] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2056] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76]
.text ... * 2
.text C:\WINDOWS\SYSTEM32\DWM.EXE[2948] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\WINDOWS\SYSTEM32\DWM.EXE[2948] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\WINDOWS\SYSTEM32\DWM.EXE[2948] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\WINDOWS\SYSTEM32\DWM.EXE[2948] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\WINDOWS\SYSTEM32\DWM.EXE[2948] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\WINDOWS\SYSTEM32\DWM.EXE[2948] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\TOASTER.EXE[2920] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3192] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\DELL DATASAFE LOCAL BACKUP\COMPONENTS\DSUPDATE\DSUPD.EXE[3292] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\WINDOWS\System32\igfxpers.exe[3484] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\Program Files\IDT\WDM\sttray64.exe[3528] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\PROGRAM FILES\DELLTPAD\APOINT.EXE[3572] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE[3584] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3608] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE[3976] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTEM.EXE[3108] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffcd80228
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffcd80260
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0
.text C:\windows\system32\wbem\unsecapp.exe[4172] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\DELL WEBCAM\DELL WEBCAM CENTRAL\WEBCAMDELL2.EXE[4280] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORICON.EXE[4364] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\RENESAS ELECTRONICS\USB 3.0 HOST CONTROLLER DRIVER\APPLICATION\NUSB3MON.EXE[4384] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4564] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0
.text C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE[4576] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70
.text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660]
C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90 .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76] .text C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE[4660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76] .text ... * 2 .text C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76] .text C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE[4020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76] .text ... 
* 2 .text C:\USERS\VICKY\APPDATA\LOCAL\TEMP\_MEI39322\BIN\WINLOGON.EXE[5428] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76] .text C:\USERS\VICKY\APPDATA\LOCAL\TEMP\_MEI39322\BIN\WINLOGON.EXE[5428] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76] .text ... * 2 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\MEDIASRV.EXE[3368] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76] .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\MEDIASRV.EXE[3368] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76] .text ... * 2 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes 
JMP 000007fffcd80110 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0 .text C:\PROGRAM FILES\DELLTPAD\APMSGFWD.EXE[6816] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8 .text C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE[6868] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180 .text C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE[6868] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8 .text C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE[6868] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148 .text C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE[6868] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110 .text C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE[6868] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0 .text C:\PROGRAM FILES\DELLTPAD\HIDFIND.EXE[6868] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0148 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0180 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076c99630 5 bytes JMP 000000016fff0110 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01b8 .text C:\PROGRAM 
FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd92db0 5 bytes JMP 000007fffcd80180 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd937d0 7 bytes JMP 000007fffcd800d8 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd98ef0 6 bytes JMP 000007fffcd80148 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcdaaf60 5 bytes JMP 000007fffcd80110 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9689e0 8 bytes JMP 000007fffcd801f0 .text C:\PROGRAM FILES\DELLTPAD\APNTEX.EXE[6876] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd96be40 8 bytes JMP 000007fffcd801b8 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000074cf1dd7 5 bytes JMP 00000001711224b0 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768a5ea5 5 bytes JMP 0000000171121ce0 .text C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\BTPLAYERCTRL.EXE[6156] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000768d9d0b 5 bytes JMP 0000000171121c70 .text C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVCENTER.EXE[4520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76] .text C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVCENTER.EXE[4520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76] .text ... * 2 .text C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\NVIDIA UPDATUS\DAEMONU.EXE[6004] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762d1465 2 bytes [2D, 76] .text C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\NVIDIA UPDATUS\DAEMONU.EXE[6004] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762d14bb 2 bytes [2D, 76] .text ... 
* 2
.text F:\GMER.EXE[6864] C:\windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1409 7 bytes JMP 0000000171121e90
.text F:\GMER.EXE[6864] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075ddb21b 5 bytes JMP 0000000171121da0
.text F:\GMER.EXE[6864] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e58e24 7 bytes JMP 0000000171121d90
.text F:\GMER.EXE[6864] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58ea9 5 bytes JMP 0000000171121e80
.text F:\GMER.EXE[6864] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e591ff 5 bytes JMP 0000000171121e10
.text F:\GMER.EXE[6864] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074cf1d29 5 bytes JMP 0000000171122450
.text F:\GMER.EXE[6864] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074cf1dd7 5 bytes JMP 00000001711224b0
.text F:\GMER.EXE[6864] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074cf2ab1 5 bytes JMP 0000000171122520
.text F:\GMER.EXE[6864] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074cf2d17 5 bytes JMP 0000000171122670
.text F:\GMER.EXE[6864] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007682e96b 5 bytes JMP 0000000171121a00
.text F:\GMER.EXE[6864] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007682eba5 5 bytes JMP 0000000171121a90

---- Processes - GMER 2.1 ----

Process C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-0 0000000000400000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\python27.dll (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020] (Python Core/Python Software Foundation)(2014-06-03 23:15:16) 000000001e000000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\_hashlib.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:18) 0000000010000000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\win32api.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 000000001e8c0000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\pywintypes27.dll (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 000000001e7a0000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\pythoncom27.dll (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 0000000000350000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\win32com.shell.shell.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 000000001e800000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\_socket.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 0000000000310000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\_ssl.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020] 0000000001d00000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\_ctypes.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:20) 000000001d1a0000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\win32file.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:18) 000000001ea10000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\_multiprocessing.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 0000000000330000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\msgpack._packer.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 00000000003c0000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\msgpack._unpacker.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:20) 00000000003d0000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\pyHook._cpyHook.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 0000000069dc0000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\win32gui.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:18) 000000001ea40000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\select.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:18) 000000001d110000
Library C:\Users\Vicky\AppData\Local\Temp\_MEI39322\_psutil_windows.pyd (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\ROAMING\PWO7\SVCHOST.EXE [4020](2014-06-03 23:15:21) 00000000003f0000
Process C:\USERS\VICKY\APPDATA\LOCAL\TEMP\_MEI39322\BIN\WINLOGON.EXE (*** suspicious ***) @ C:\USERS\VICKY\APPDATA\LOCAL\TEMP\_MEI39322\BIN\WINLOGON.EXE [5428](2014-06-03 23:15:24) 0000000000400000
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90ECB3F2-CDFA-4C36-AEEE-F841D5B44B27}\offreg.dll (*** suspicious ***) @ C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1344](2014-06-04 00:23:56) 000007fef3df0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac728955c296
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac728955c296 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)

---- EOF - GMER 2.1 ----