GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-16 00:13:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: q7f21wbh.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\fxldapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1476] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1476] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\windows\system32\Dwm.exe[1704] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[3472] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3608] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 ? C:\windows\system32\mssprxy.dll [3664] entry point in ".rdata" section 0000000067f171e6 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[4048] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes JMP 769cb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes JMP 769cb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes JMP 76a48f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes CALL 769a4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes JMP 76a48832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes JMP 76a48a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes JMP 76a48728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes JMP 76a48af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes JMP 769bfc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes JMP 769c68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes JMP 76a48ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes JMP 76a48b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes JMP 76a486ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes JMP 769bfd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes JMP 769cb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes JMP 76a48eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4572] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes JMP 76a48681 C:\windows\syswow64\kernel32.dll .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\WINDOWS\System32\igfxpers.exe[5888] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\Program Files\IDT\WDM\sttray64.exe[5916] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\Program Files\DellTPad\Apoint.exe[5968] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\Program Files\Dell\QuickSet\quickset.exe[5980] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[5284] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[1352] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\DellTPad\HidFind.exe[5620] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\DellTPad\Apntex.exe[5632] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[1588] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5680] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe[3448] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3616] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2512] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5936] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4872] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000769a8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes JMP 769cb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes JMP 769cb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes JMP 76a48f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes CALL 769a4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes JMP 76a48832 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes JMP 76a48a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes JMP 76a48728 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes JMP 76a48af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes JMP 769bfc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes JMP 769c68df C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes JMP 76a48ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes JMP 76a48b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes JMP 76a486ec C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes JMP 769bfd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes JMP 769cb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes JMP 76a48eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4744] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes JMP 76a48681 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe[4740] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4928] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[6172] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[6244] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[6672] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5a00d8 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd5a0148 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffe54f8} .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd5a0180 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd5a0110 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd5a0228 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd5a0260 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5a01f0 .text C:\windows\system32\wbem\unsecapp.exe[4016] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5a01b8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes JMP 769cb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes JMP 769cb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes JMP 76a48f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes CALL 769a4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes JMP 76a48832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes JMP 76a48a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes JMP 76a48728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes JMP 76a48af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes JMP 769bfc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes JMP 769c68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes JMP 76a48ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes JMP 76a48b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes JMP 76a486ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes JMP 769bfd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes JMP 769cb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes JMP 76a48eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1632] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes JMP 76a48681 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef330 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629510 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077629680 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\kernel32.dll!RegSetValueExA 0000000077648830 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5b3460 7 bytes JMP 000007fffd5900d8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5bac50 1 byte JMP 000007fffd590148 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd5bac52 4 bytes {JMP 0xfffffffffffd54f8} .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5bb2c0 5 bytes JMP 000007fffd590180 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5bb460 5 bytes JMP 000007fffd590110 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbd89d0 8 bytes JMP 000007fffd5901f0 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbdbe40 8 bytes JMP 000007fffd5901b8 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\ole32.dll!CoCreateInstance 000007feff7e74a0 11 bytes JMP 000007fffd590228 .text C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe[7916] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007feff7fbf10 7 bytes JMP 000007fffd590260 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076d65ea5 5 bytes JMP 0000000174661ce0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d99d0b 5 bytes JMP 0000000174661c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077981401 2 bytes JMP 769cb20b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077981419 2 bytes JMP 769cb336 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077981431 2 bytes JMP 76a48f39 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007798144a 2 bytes CALL 769a4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000779814dd 2 bytes JMP 76a48832 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000779814f5 2 bytes JMP 76a48a08 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007798150d 2 bytes JMP 76a48728 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077981525 2 bytes JMP 76a48af2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007798153d 2 bytes JMP 769bfc98 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077981555 2 bytes JMP 769c68df C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007798156d 2 bytes JMP 76a48ff1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077981585 2 bytes JMP 76a48b52 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007798159d 2 bytes JMP 76a486ec C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000779815b5 2 bytes JMP 769bfd31 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000779815cd 2 bytes JMP 769cb2cc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000779816b2 2 bytes JMP 76a48eb4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[6632] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000779816bd 2 bytes JMP 76a48681 C:\windows\syswow64\kernel32.dll .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000769b13e1 7 bytes JMP 0000000174661e90 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769cb20b 5 bytes JMP 0000000174661da0 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a48eb4 7 bytes JMP 0000000174661d90 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a48f39 5 bytes JMP 0000000174661e80 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a4928f 5 bytes JMP 0000000174661e10 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000768f1d29 5 bytes JMP 0000000174662450 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000768f1dd7 5 bytes JMP 00000001746624b0 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000768f2ab1 5 bytes JMP 0000000174662520 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000768f2d1d 5 bytes JMP 0000000174662670 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007539d2b4 5 bytes JMP 0000000174661a00 .text C:\Users\Mateusz\Downloads\q7f21wbh.exe[4028] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007539d4ee 5 bytes JMP 0000000174661a90 ---- Threads - GMER 2.1 ---- Thread C:\windows\System32\svchost.exe [7280:6420] 000007fed24d9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{12D8EE2E-58B0-4E9A-BD57-AA425F12B033}\Connection@Name isatap.{C0B821D4-C4E0-435A-A426-C663A3BCC96B} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{07F79374-68EF-468A-BD44-4D0B6803A802}?\Device\{BD6E3D96-F5E4-48AC-8781-384BD8380853}?\Device\{12D8EE2E-58B0-4E9A-BD57-AA425F12B033}?\Device\{8173DFDC-DE22-4089-8361-1E3DDFD559F7}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{07F79374-68EF-468A-BD44-4D0B6803A802}"?"{BD6E3D96-F5E4-48AC-8781-384BD8380853}"?"{12D8EE2E-58B0-4E9A-BD57-AA425F12B033}"?"{8173DFDC-DE22-4089-8361-1E3DDFD559F7}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{07F79374-68EF-468A-BD44-4D0B6803A802}?\Device\TCPIP6TUNNEL_{BD6E3D96-F5E4-48AC-8781-384BD8380853}?\Device\TCPIP6TUNNEL_{12D8EE2E-58B0-4E9A-BD57-AA425F12B033}?\Device\TCPIP6TUNNEL_{8173DFDC-DE22-4089-8361-1E3DDFD559F7}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f90122ce Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{12D8EE2E-58B0-4E9A-BD57-AA425F12B033}@InterfaceName isatap.{C0B821D4-C4E0-435A-A426-C663A3BCC96B} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{12D8EE2E-58B0-4E9A-BD57-AA425F12B033}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x9D 0xF6 0x6F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f90122ce (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0x9D 0xF6 0x6F ... ---- EOF - GMER 2.1 ----