GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-18 05:37:17 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 HGST_HTS541075A9E680 rev.JA2OA560 698,64GB Running: ci12need.exe; Driver: C:\Users\Izabela\AppData\Local\Temp\uwldrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600015b700 15 bytes [40, B5, F7, 01, 80, 39, 70, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600015b710 11 bytes [00, 15, FC, FF, 00, 27, C3, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Windows\system32\dwm.exe[892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d70538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d70500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Windows\system32\nvvsvc.exe[956] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdd49a169a 4 bytes [9A, D4, FD, 7F] .text C:\Windows\system32\nvvsvc.exe[956] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdd49a16a2 4 bytes [9A, D4, FD, 7F] .text C:\Windows\system32\nvvsvc.exe[956] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdd49a181a 4 bytes [9A, D4, FD, 7F] .text C:\Windows\system32\nvvsvc.exe[956] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdd49a1832 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdd49a169a 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdd49a16a2 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdd49a181a 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdd49a1832 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[1812] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffdd49a169a 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[1812] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffdd49a16a2 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[1812] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffdd49a181a 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\Windows Defender\MsMpEng.exe[1812] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffdd49a1832 4 bytes [9A, D4, FD, 7F] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d50260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d50298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d50308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d50340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d502d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d50228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d500d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d50180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d50148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d50110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d50420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d503e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d50378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d503b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d50458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d50490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd83ef90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d504c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffdcba8a204 4 bytes JMP 00007ffdd3d505a8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffdcbaa22cc 6 bytes JMP 00007ffdd3d50570 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d50538 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2316] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d50500 .text C:\Windows\Explorer.EXE[2444] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdd49a169a 4 bytes [9A, D4, FD, 7F] .text C:\Windows\Explorer.EXE[2444] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdd49a16a2 4 bytes [9A, D4, FD, 7F] .text C:\Windows\Explorer.EXE[2444] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdd49a181a 4 bytes [9A, D4, FD, 7F] .text C:\Windows\Explorer.EXE[2444] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdd49a1832 4 bytes [9A, D4, FD, 7F] .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Windows\system32\DllHost.exe[3308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d70538 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3440] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d70500 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d70538 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d70500 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Windows\System32\skydrive.exe[3652] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d70538 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3912] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d70500 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Program Files (x86)\SCM\SCM.exe[3952] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d70538 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3964] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d70500 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffdd6689318 7 bytes JMP 00007ffed3d70538 .text C:\Windows\System32\igfxpers.exe[3280] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffdd668cbe0 7 bytes JMP 00007ffed3d70500 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffdd49bb6f4 10 bytes JMP 00007ffed3d70420 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffdd49c45d8 5 bytes JMP 00007ffed3d703e8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffdd49c4750 9 bytes JMP 00007ffed3d70378 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffdd49d4fc0 5 bytes JMP 00007ffed3d703b0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffdd49d5cb0 5 bytes JMP 00007ffed3d70458 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffdd6511500 1 byte JMP 00007ffed3d70490 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffdd6511502 6 bytes {JMP 0xfffffffffd85ef90} .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffdd6511750 8 bytes JMP 00007ffed3d704c8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4236] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdcac31f6a 4 bytes [C3, CA, FD, 7F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4236] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdcac31f82 4 bytes [C3, CA, FD, 7F] .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffdd48628c0 7 bytes JMP 00007ffed3d70260 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffdd48643d8 7 bytes JMP 00007ffed3d70298 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffdd4911f20 7 bytes JMP 00007ffed3d70308 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffdd49140b4 7 bytes JMP 00007ffed3d70340 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffdd4914510 7 bytes JMP 00007ffed3d702d0 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffdd493cea0 7 bytes JMP 00007ffed3d701f0 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffdd493cf10 7 bytes JMP 00007ffed3d70228 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffdd3d82300 7 bytes JMP 00007ffed3d700d8 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffdd3d85770 5 bytes JMP 00007ffed3d70180 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffdd3d85860 5 bytes JMP 00007ffed3d70148 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffdd3d85a30 5 bytes JMP 00007ffed3d70110 .text C:\Windows\System32\SettingSyncHost.exe[1472] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffdd3dfa3f0 5 bytes JMP 00007ffed3d701b8 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[msvcrt.dll!wcsncmp] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[msvcrt.dll!log] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[msvcrt.dll!_isnan] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[msvcrt.dll!memcpy_s] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[msvcrt.dll!strstr] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[msvcrt.dll!sin] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ADVAPI32.dll!RegOpenKeyExW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ADVAPI32.dll!RegCloseKey] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SelectPalette] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetEnhMetaFileHeader] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!RestoreDC] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!LPtoDP] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetViewportOrgEx] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!RectVisible] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!ScriptBreak] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetObjectType] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateFontIndirectW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateDIBSection] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateBitmap] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreatePatternBrush] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateDCA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetCurrentObject] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetDIBitsToDevice] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!StretchDIBits] [309d8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetDIBColorTable] [309cc00000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetDIBColorTable] [30a8000030000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetObjectA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!ExtTextOutA] [300a8000309c0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetBkMode] [30aa0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateFontIndirectA] [3099c00000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateDIBitmap] [30ad0000300c8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetDIBits] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!StretchBlt] [300f80003097c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetStretchBltMode] [30af8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetViewportOrgEx] [3095000000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetWindowOrgEx] [30b4800030120] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetTextCharsetInfo] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!TranslateCharsetInfo] [3017000030928] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetPixel] [30b88] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetTextMetricsA] [3090400000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GdiAlphaBlend] [30ba8000301b0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GdiTransparentBlt] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GdiGradientFill] [301d0000308e4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetClipRgn] [30bd0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SelectClipRgn] [308c000000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!ExtSelectClipRgn] [30bf8000301f8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetLayout] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!CreateRoundRectRgn] [302200003089c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetWindowOrgEx] [30c18] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!ExcludeClipRect] [3087000000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetTextAlign] [30c4000030240] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!IntersectClipRect] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!SetTextAlign] [302680003084c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!ExtTextOutW] [30c98] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[GDI32.dll!GetBrushOrgEx] [3082800000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!LoadLibraryA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetModuleHandleA] [302d800030804] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetFullPathNameW] [30cc0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetFileAttributesA] [307d800000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!DeleteFileA] [30ce8000302e8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!ExpandEnvironmentStringsW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetFileAttributesW] [30310000307b4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetProcessHeap] [30d2000030320] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!HeapFree] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!HeapCreate] [3073000000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FlushInstructionCache] [30d6000030368] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!ReadFile] [306dc00000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetFileSize] [30db0000303b8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!InitializeCriticalSectionAndSpinCount] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!AddAtomW] [303d8000306a8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!DeleteAtom] [30dc0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!WriteFile] [3067c00000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!IsProcessorFeaturePresent] [30dd8000303e8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetLocaleInfoA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!IsDBCSLeadByte] [3040000030658] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!lstrcmpW] [30de8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!HeapDestroy] [3063000000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetCurrentThreadId] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetVersionExW] [616f6c79616c6564] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetModuleHandleW] [312d312d316c2d64] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetProcAddress] [6c6c642e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FindAtomW] [772d736d2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetSystemInfo] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!VirtualAlloc] [7972657571697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!VirtualProtect] [2e302d312d316c2d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!VirtualQuery] [2d697061006c6c64] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!TlsAlloc] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!TlsGetValue] [776c68732d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!TlsSetValue] [6f73626f2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!TlsFree] [2d316c2d6574656c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!lstrlenW] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CompareStringOrdinal] [617a696c61636f6c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CompareStringW] [73626f2d6e6f6974] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetLocaleInfoW] [316c2d6574656c6f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetNumberFormatW] [6c6c642e302d322d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetUserDefaultLCID] [2d69706100000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CloseHandle] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!SetEvent] [6c642e302d312d31] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!ResetEvent] [2d6970610000006c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!WaitForSingleObject] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CreateEventW] [697274732d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CreateThread] [6c6f73626f2d676e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetCurrentThread] [312d316c2d657465] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!SetThreadPriority] [6c6c642e302d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetThreadPriority] [772d736d2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FreeLibraryAndExitThread] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetModuleHandleExW] [73626f2d70616568] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CompareStringEx] [316c2d6574656c6f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!RaiseException] [6c6c642e302d312d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!OutputDebugStringA] [2d69706100000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetLastError] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!SetLastError] [776c68732d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetSystemDirectoryW] [6167656c2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FreeLibrary] [2d312d316c2d7963] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetModuleFileNameW] [6c6c642e30] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!LoadLibraryW] [772d736d2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CreateActCtxW] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!ActivateActCtx] [32336c656e72656b] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!DeactivateActCtx] [2d79636167656c2d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FindActCtxSectionStringW] [642e312d312d316c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!QueryActCtxW] [2d69706100006c6c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetVersionExA] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!VirtualFree] [666f72702d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!SetProcessWorkingSetSize] [312d316c2d656c69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetUserDefaultLangID] [6c6c642e302d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!Sleep] [772d736d2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetTickCount] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GlobalAlloc] [74737365636f7270] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GlobalLock] [6c2d736461657268] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GlobalUnlock] [6c642e322d312d31] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GlobalFree] [2d6970610000006c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!LoadResource] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!LockResource] [646e61682d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!SizeofResource] [2d312d316c2d656c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FindResourceA] [6c6c642e30] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!CreateFileW] [772d736d2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetFileType] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GlobalMemoryStatusEx] [6c2d79726f6d656d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!LoadLibraryExW] [6c642e322d312d31] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetCurrentProcessId] [2d6970610000006c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!WideCharToMultiByte] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetACP] [696765722d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!MulDiv] [2d316c2d79727473] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!FindResourceW] [6c6c642e302d31] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!MultiByteToWideChar] [6e6168726f727265] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GlobalAddAtomW] [316c2d676e696c64] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetModuleHandleExA] [6c6c642e312d312d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!WaitForMultipleObjects] [2d69706100000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!DelayLoadFailureHook] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!RtlCaptureContext] [312d316c2d6e6f69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!RtlLookupFunctionEntry] [6c6c642e302d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!RtlVirtualUnwind] [772d736d2d697061] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!UnhandledExceptionFilter] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [2d6f666e69737973] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetCurrentProcess] [642e312d322d316c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!TerminateProcess] [2d69706100006c6c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!QueryPerformanceCounter] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [656c69662d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetAtomNameW] [2e312d322d316c2d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[KERNEL32.dll!GetStringTypeExW] [2d697061006c6c64] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ole32.dll!PropVariantClear] [697274732d65726f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ole32.dll!PropVariantCopy] [2d312d316c2d676e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ole32.dll!RevokeDragDrop] [2d316c2d6e6f6974] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ole32.dll!OleUninitialize] [2d65726f632d6e69] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ole32.dll!OleDraw] [6c6c642e302d322d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[ole32.dll!CoInitialize] [2d69706100000000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RegisterSystemThread] [2e302d322d316c2d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsWindowInDestroy] [2d697061006c6c64] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!UnhookWindowsHookEx] [632d6e69772d736d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetKeyboardState] [302d322d316c2d68] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ChildWindowFromPointEx] [6c6c642e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsWinEventHookInstalled] [6c642e6c6c64746e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!InvertRect] [6376736d0000006c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsWindow] [6c6c642e7472] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetMenu] [30e00] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowLongW] [30e08] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowLongPtrW] [30e14] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowLongPtrW] [30e1e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetDesktopWindow] [30e26] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowThreadProcessId] [30e30] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetAncestor] [30e3a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CopyImage] [30e48] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!PostMessageW] [30e52] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ShowWindow] [30e5e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetDC] [30e6c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ReleaseDC] [30e7a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsIconic] [30e86] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClientRect] [30e90] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!TranslateMessage] [30e9a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DispatchMessageW] [30ea4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SendMessageW] [30eae] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetPropW] [30eb8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowsHookExW] [30ec2] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadBitmapA] [30eda] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CallNextHookEx] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetTimer] [30ee4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!KillTimer] [30efe] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MonitorFromRect] [30f12] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetSystemMetrics] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadStringW] [30f26] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadImageW] [30f3e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetSysColor] [30f56] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DrawTextW] [30f72] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!FillRect] [30f7a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetAsyncKeyState] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CreateWindowExW] [30f92] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadIconW] [30fac] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadCursorW] [30fbe] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RegisterClassW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ClientToScreen] [30fca] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!BeginPaint] [30fd8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EndPaint] [30ff4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!InvalidateRect] [31008] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!TrackMouseEvent] [3101e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetCapture] [31034] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ReleaseCapture] [31042] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RegisterWindowMessageA] [31054] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetMenuCheckMarkDimensions] [31064] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetProcessDefaultLayout] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadCursorA] [31074] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SystemParametersInfoA] [3108e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetSysColorBrush] [310a0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IntersectRect] [310b2] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetMonitorInfoA] [310c6] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EnumDisplayMonitors] [310d8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SendMessageA] [310e4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!WaitMessage] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!PostQuitMessage] [310ee] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!UnregisterClassA] [31100] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RegisterClassExW] [31116] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassInfoExW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsChild] [3112c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DestroyWindow] [31142] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowPos] [31150] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowPlacement] [3115e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsWindowVisible] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetFocus] [3116a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetKeyState] [31184] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EnableWindow] [31194] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetSystemMenu] [311a4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EnableMenuItem] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowTextW] [311ba] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowRect] [311d2] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!AdjustWindowRectEx] [311ee] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetRect] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!OffsetRect] [31200] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsRectEmpty] [3121e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowLongA] [3123a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowLongW] [3124a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassLongA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetParent] [3125a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!PostMessageA] [3126e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!UnregisterClassW] [31280] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetLayeredWindowAttributes] [31290] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MoveWindow] [312a2] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MessageBeep] [312b0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MapWindowPoints] [312c4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!InflateRect] [312d4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EqualRect] [312e4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!PtInRect] [312f4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetMessageW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!PeekMessageA] [31308] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!PeekMessageW] [31318] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MsgWaitForMultipleObjects] [3132a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsWindowUnicode] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowTextA] [31338] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowTextW] [3134c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SendMessageTimeoutA] [31362] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SendMessageTimeoutW] [31378] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CallWindowProcW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetActiveWindow] [3138c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!AppendMenuW] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowLongPtrA] [313a6] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowLongPtrA] [313b6] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EnumWindows] [313ca] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EnumThreadWindows] [313e0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassNameA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindow] [313f2] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MonitorFromWindow] [31406] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetFocus] [3141c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetCursorPos] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ScreenToClient] [31434] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!WindowFromPoint] [31442] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetParent] [31452] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!NotifyWinEvent] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!AnimateWindow] [3145e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DeferWindowPos] [3146a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassNameW] [31476] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetCursor] [31482] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!MonitorFromPoint] [3148e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetMessagePos] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetForegroundWindow] [3149a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SystemParametersInfoW] [314a8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetKeyboardLayout] [314b4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetDoubleClickTime] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!UpdateWindow] [314c2] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LoadImageA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsWindowEnabled] [314d4] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetForegroundWindow] [314ec] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetPropA] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!UnionRect] [314f8] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!BeginDeferWindowPos] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!EndDeferWindowPos] [31514] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetCapture] [3152c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RedrawWindow] [0] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowsHookExA] [696f74610421] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassInfoA] [7474696e695f017e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsMenu] [63770515006d7265] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!UpdateLayeredWindow] [44d000072747373] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!TrackPopupMenuEx] [487000065657266] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowDC] [636f6c6c616d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetWindowRgn] [706d636d656d0492] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!ValidateRect] [736d615f00af0000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LockWindowUpdate] [746978655f67] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetPropW] [7970636d656d0493] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RemovePropW] [746c755f033a0000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowTextLengthA] [3640000735f616f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CopyRect] [6e6972706e73765f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassLongPtrA] [585f005600006674] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!FrameRect] [65746c6946747063] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!RegisterWindowMessageW] [636d656d04940072] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!VkKeyScanExW] [4950000735f7970] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DrawEdge] [65766f6d6d656d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DrawFrameControl] [7268637363770502] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsZoomed] [6e72747304ce0000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DrawTextExW] [747304d500706d63] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!SetRectEmpty] [4c2000072747372] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DestroyIcon] [726863727473] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DrawIconEx] [68637272747304d3] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CreateIconIndirect] [5f435f5f00580072] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetIconInfo] [6369666963657073] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!InternalGetWindowText] [72656c646e61685f] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!IsProcessDPIAware] [736d656d04970000] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowInfo] [7452045d00007465] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetTitleBarInfo] [4670756b6f6f4c6c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DrawFocusRect] [456e6f6974636e75] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetMessageTime] [2bb00007972746e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!LogicalToPhysicalPointForPerMonitorDPI] [75747061436c7452] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetClassLongW] [7865746e6f436572] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetMonitorInfoW] [566c745205690074] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!GetWindowTextLengthW] [6e556c6175747269] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!CreatePopupMenu] [1b0000646e6977] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[USER32.dll!DestroyMenu] [697243657661654c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDisposeImageAttributes] [f00006e6f6974] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetImageAttributesColorKeys] [6972437265746e45] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateFromHDC] [6365536c61636974] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDeleteGraphics] [1600006e6f6974] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDrawImagePointRectI] [696c616974696e49] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDrawImageRectRectI] [636974697243657a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipAlloc] [6f69746365536c61] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipFree] [65656c53002b006e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCloneImage] [656c6544000d0070] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDisposeImage] [6369746972436574] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetImageWidth] [6f69746365536c61] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetImageHeight] [706165480006006e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipImageRotateFlip] [5000065657246] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCloneBitmapAreaI] [7473654470616548] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipBitmapGetPixel] [6547000000796f72] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetImageGraphicsContext] [737365636f725074] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetImagePixelFormat] [2000070616548] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateBitmapFromStream] [6f6c6c4170616548] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateBitmapFromFile] [64616f4c00170063] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateBitmapFromScan0] [41676e69727453] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateBitmapFromHBITMAP] [6c62617369440001] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipBitmapLockBits] [4c64616572685465] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipBitmapUnlockBits] [6143797261726269] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetClipRect] [6547000f00736c6c] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDrawImageRectRect] [48656c75646f4d74] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipFillRectangle] [41656c646e61] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdiplusShutdown] [646f4d746547000e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateRegion] [4e656c6946656c75] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateImageAttributes] [d000057656d61] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetClipRegion] [6c75646f4d746547] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetClip] [6d614e656c694665] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipIsClipEmpty] [7246000a00004165] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDeletePen] [72617262694c6565] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateMatrix2] [646e694600080079] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDeleteMatrix] [656372756f736552] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetCompositingQuality] [6f4c001600577845] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetSmoothingMode] [72756f7365526461] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetPixelOffsetMode] [6f4c001900006563] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetWorldTransform] [72756f7365526b63] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipResetWorldTransform] [6547001900006563] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSaveGraphics] [446d657473795374] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipRestoreGraphics] [614c746c75616665] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipCreateMatrix] [1100004449676e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipTranslateRegionI] [6c61636f4c746547] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetDC] [416f666e4965] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipReleaseDC] [696c615673490029] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetCompositingMode] [67615065646f4364] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetCompositingMode] [4244734900270065] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetCompositingQuality] [79426461654c5343] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetSmoothingMode] [26000078456574] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetPixelOffsetMode] [654c534342447349] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetTextRenderingHint] [657479426461] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetTextRenderingHint] [495043746547000a] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetTextContrast] [65470009006f666e] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetTextContrast] [2000050434174] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipSetInterpolationMode] [53657261706d6f43] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetInterpolationMode] [57676e697274] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipGetWorldTransform] [6843656469570007] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[gdiplus.dll!GdipDeleteRegion] [746c754d6f547261] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[XmlLite.dll!CreateXmlWriter] [74794269746c754d] IAT C:\Windows\Explorer.EXE[2444] @ C:\Windows\system32\UIRibbon.dll[XmlLite.dll!CreateXmlReader] [43656469576f5465] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [568:2344] fffff960009a8b90 ---- Processes - GMER 2.1 ---- Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (Python Core/Python Software Foundation)(2015-01-18 04:05:46) 000000001e000000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001e8c0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001e7a0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 0000000001e90000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 00000000003c0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000010000000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001e800000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000002a90000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 0000000002b50000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (wxWidgets for MSW/wxWidgets development team)(2015-01-18 04:05:46) 0000000002c80000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (wxWidgets for MSW/wxWidgets development team)(2015-01-18 04:05:47) 0000000001f30000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (wxWidgets for MSW/wxWidgets development team)(2015-01-18 04:05:47) 0000000002e70000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (wxWidgets for MSW/wxWidgets development team)(2015-01-18 04:05:47) 0000000003310000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000003450000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000003d20000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (wxWidgets for MSW/wxWidgets development team)(2015-01-18 04:05:47) 0000000003df0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000004020000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 0000000004130000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001d100000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000001fd0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 00000000041f0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001d1a0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001ea10000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001ec80000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000002000000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001ea40000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001e9b0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001eaa0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001e980000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000002030000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452] (wxWidgets for MSW/wxWidgets development team)(2015-01-18 04:05:47) 0000000005250000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000005270000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001ebf0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 0000000005330000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 0000000005280000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001eb90000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001eb60000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 00000000052d0000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:46) 000000001ec20000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 000000001ed40000 Library C:\Users\Izabela\AppData\Local\Temp\_MEI9123\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2452](2015-01-18 04:05:45) 00000000052e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xB0 0x6D 0x09 0x33 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xA9 0x2D 0xB0 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 53 Reg HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime 0xB7 0x35 0x01 0xAB ... Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO17200_02_07DB_6E^46C0749CF51F0D1DE930542DE0264466@Timestamp 0x23 0x1A 0x55 0x6E ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 648 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1210652801 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberbootEnabled 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID e862da3b-3176-4e1c-900b-9ebf9cd Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{6e91bef8-fe25-47ae-a9c3-e40b36060eb8} Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a649cf6b2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\240a64eab6b2 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{5ccb5b61-14cc-4772-88f5-1679c891d874}@LastProbeTime 1421555505 Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?N?, ?sty ?18 ?15, 04:34:41???????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2706 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1698 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 52 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5BD02978-BA55-43E2-9CFF-4D6AF1E5B98B}@LeaseObtainedTime 1421551898 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5BD02978-BA55-43E2-9CFF-4D6AF1E5B98B}@T1 1421553698 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5BD02978-BA55-43E2-9CFF-4D6AF1E5B98B}@T2 1421555048 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5BD02978-BA55-43E2-9CFF-4D6AF1E5B98B}@LeaseTerminatesTime 1421555498 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 59 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x39 0xA2 0xC7 0xE7 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x39 0xA2 0xC7 0xE7 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 5286 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 822 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x39 0xA2 0xC7 0xE7 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 10477 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 922 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x39 0xA2 0xC7 0xE7 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xC5 0x42 0x2A 0xE7 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63557148949330%3bID%3d6AB04DB3B8E7ADF6!106%3bLR%3d63557148947740%3bEP%3d4%3bTD%3dTrue%3bSO%3d0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xA4 0x57 0x98 0x9A ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 1 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastQueuePesterTime 0xE1 0x12 0xEB 0x1E ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Izabela\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_plugin-container_3c9e933b22ed95feab09a475b5b571816f16c0_82932b60_088d554d ---- EOF - GMER 2.1 ----