GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-08 09:32:06 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c Hitachi_HTS727575A9E364 rev.JF4OA0D0 698,64GB Running: gkyqm4l5.exe; Driver: C:\Users\maf2\AppData\Local\Temp\pgriqpow.sys ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIf3 00007ffcdb9fffc0 5 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffcdba041d0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d03b0 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0378 .text C:\WINDOWS\system32\services.exe[972] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\lsass.exe[984] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\lsass.exe[984] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\lsass.exe[984] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\lsass.exe[984] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\lsass.exe[984] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\lsass.exe[984] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d0538 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIf3 00007ffcdb9fffc0 5 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffcdba041d0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d03b0 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0378 .text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIf3 00007ffcdb9fffc0 5 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffcdba041d0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d03b0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0378 .text C:\WINDOWS\system32\svchost.exe[804] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\dwm.exe[1032] C:\WINDOWS\System32\gdi32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\dwm.exe[1032] C:\WINDOWS\System32\gdi32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\dwm.exe[1032] C:\WINDOWS\System32\gdi32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\dwm.exe[1032] C:\WINDOWS\System32\gdi32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\dwm.exe[1032] C:\WINDOWS\System32\gdi32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\dwm.exe[1032] C:\WINDOWS\System32\gdi32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIf3 00007ffcdb9fffc0 5 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffcdba041d0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d03b0 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0378 .text C:\WINDOWS\system32\svchost.exe[1088] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\System32\svchost.exe[1132] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[1144] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1360] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[1360] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[1360] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[1360] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[1360] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[1360] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\System32\svchost.exe[1432] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\System32\svchost.exe[1432] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\System32\svchost.exe[1432] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\System32\svchost.exe[1432] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\System32\svchost.exe[1432] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\System32\svchost.exe[1432] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIf3 00007ffcdb9fffc0 5 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffcdba041d0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d03b0 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0378 .text C:\WINDOWS\system32\svchost.exe[1484] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1908] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1908] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1908] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1908] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1908] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1908] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1460] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[1460] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[1460] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[1460] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[1460] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[1460] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\igfxCUIService.exe[1868] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\igfxCUIService.exe[1868] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\igfxCUIService.exe[1868] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\igfxCUIService.exe[1868] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\igfxCUIService.exe[1868] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\igfxCUIService.exe[1868] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\KERNELBASE.dll!LoadLibraryExW + 363 00007ffcd920cd7b 3 bytes [8F, 32, 1F] .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\KERNELBASE.dll!CreateProcessInternalW 00007ffcd9211380 5 bytes JMP 00007ffcd91d00d8 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\KERNELBASE.dll!MoveFileWithProgressTransactedW 00007ffcd9237460 6 bytes JMP 00007ffcd91d03e8 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\KERNELBASE.dll!CopyFile2 00007ffcd9239f00 7 bytes JMP 00007ffcd91d0378 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\KERNELBASE.dll!CopyFileExW 00007ffcd923a080 7 bytes JMP 00007ffcd91d03b0 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\sihost.exe[1904] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[1688] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[2176] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[2176] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[2176] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[2176] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[2176] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[2176] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\System32\spoolsv.exe[2308] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\System32\spoolsv.exe[2308] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\System32\spoolsv.exe[2308] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\System32\spoolsv.exe[2308] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\System32\spoolsv.exe[2308] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\System32\spoolsv.exe[2308] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [2764] entry point in ".rdata" section 00000000719c1590 ? C:\WINDOWS\System32\wlidNSP.dll [2764] entry point in ".rdata" section 0000000073d18350 ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2832] entry point in ".rdata" section 0000000071638fc0 ? C:\Windows\System32\ActXPrxy.dll [2832] entry point in ".rdata" section 0000000073f19c50 ? C:\WINDOWS\SYSTEM32\iertutil.dll [2832] entry point in ".rdata" section 00000000719c1590 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[2852] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\system32\wbem\wbemsvc.dll [2876] entry point in ".rdata" section 0000000071638fc0 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe[2892] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\ShrewSoft\VPN Client\iked.exe[2912] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2920] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2920] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2920] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2920] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2920] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2920] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2928] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2928] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2928] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2928] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2928] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe[2928] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\OO Software\CleverCache\ooccag.exe[2956] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\OO Software\CleverCache\ooccag.exe[2956] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\OO Software\CleverCache\ooccag.exe[2956] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\OO Software\CleverCache\ooccag.exe[2956] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\OO Software\CleverCache\ooccag.exe[2956] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\OO Software\CleverCache\ooccag.exe[2956] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[3052] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[3052] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[3052] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[3052] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[3052] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[3052] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\SYSTEM32\dbgcore.DLL [2496] entry point in ".rdata" section 000000007345c940 .text C:\Program Files\TightVNC\tvnserver.exe[3108] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\TightVNC\tvnserver.exe[3108] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\TightVNC\tvnserver.exe[3108] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\TightVNC\tvnserver.exe[3108] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\TightVNC\tvnserver.exe[3108] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\TightVNC\tvnserver.exe[3108] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[3320] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[3320] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[3320] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[3320] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[3320] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Raxco\PerfectDisk\PDAgent.exe[3320] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3360] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3360] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3360] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3360] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3360] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3360] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExA 00007ffcdc632730 12 bytes JMP 00007ffcd91d0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExW 00007ffcdc657490 9 bytes JMP 00007ffcd91d0458 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\USER32.dll!SetWinEventHook 00007ffcdc657d70 5 bytes JMP 00007ffcd91d0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\USER32.dll!EndTask 00007ffcdc693370 5 bytes JMP 00007ffcd91d01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4092] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExA 00007ffcdc632730 12 bytes JMP 00007ffcd91d0420 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExW 00007ffcdc657490 9 bytes JMP 00007ffcd91d0458 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\USER32.dll!SetWinEventHook 00007ffcdc657d70 5 bytes JMP 00007ffcd91d0490 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\USER32.dll!EndTask 00007ffcdc693370 5 bytes JMP 00007ffcd91d01f0 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\Explorer.EXE[4460] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1312] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1312] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1312] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1312] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1312] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1312] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[4216] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[4216] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[4216] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[4216] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[4216] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe[4216] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3572] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\svchost.exe[5032] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\svchost.exe[5032] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\svchost.exe[5032] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\svchost.exe[5032] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\svchost.exe[5032] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\svchost.exe[5032] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExA 00007ffcdc632730 12 bytes JMP 00007ffcd91d0420 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExW 00007ffcdc657490 9 bytes JMP 00007ffcd91d0458 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\USER32.dll!SetWinEventHook 00007ffcdc657d70 5 bytes JMP 00007ffcd91d0490 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\USER32.dll!EndTask 00007ffcdc693370 5 bytes JMP 00007ffcd91d01f0 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\igfxEM.exe[872] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExA 00007ffcdc632730 12 bytes JMP 00007ffcd91d0420 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExW 00007ffcdc657490 9 bytes JMP 00007ffcd91d0458 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\USER32.dll!SetWinEventHook 00007ffcdc657d70 5 bytes JMP 00007ffcd91d0490 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\USER32.dll!EndTask 00007ffcdc693370 5 bytes JMP 00007ffcd91d01f0 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\igfxHK.exe[4356] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\System32\wlidNSP.dll [3576] entry point in ".rdata" section 0000000073d18350 .text C:\WINDOWS\system32\DllHost.exe[3764] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\DllHost.exe[3764] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\DllHost.exe[3764] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\DllHost.exe[3764] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\DllHost.exe[3764] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\DllHost.exe[3764] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\taskhostw.exe[4716] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Windows\System32\RuntimeBroker.exe[5268] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Windows\System32\RuntimeBroker.exe[5268] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Windows\System32\RuntimeBroker.exe[5268] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Windows\System32\RuntimeBroker.exe[5268] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Windows\System32\RuntimeBroker.exe[5268] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Windows\System32\RuntimeBroker.exe[5268] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\KERNELBASE.dll!LoadLibraryExW + 363 00007ffcd920cd7b 3 bytes [8F, 32, 1F] .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\KERNELBASE.dll!CreateProcessInternalW 00007ffcd9211380 5 bytes JMP 00007ffcd91d00d8 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\KERNELBASE.dll!MoveFileWithProgressTransactedW 00007ffcd9237460 6 bytes JMP 00007ffcd91d03e8 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\KERNELBASE.dll!CopyFile2 00007ffcd9239f00 7 bytes JMP 00007ffcd91d0378 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\KERNELBASE.dll!CopyFileExW 00007ffcd923a080 7 bytes JMP 00007ffcd91d03b0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5296] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\user32.dll!SetWindowsHookExA 00007ffcdc632730 12 bytes JMP 00007ffcd91d0420 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\user32.dll!SetWindowsHookExW 00007ffcdc657490 9 bytes JMP 00007ffcd91d0458 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\user32.dll!SetWinEventHook 00007ffcdc657d70 5 bytes JMP 00007ffcd91d0490 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\user32.dll!EndTask 00007ffcdc693370 5 bytes JMP 00007ffcd91d01f0 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5680] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6472] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6472] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6472] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6472] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6472] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6472] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\system32\apphelp.dll [6596] entry point in ".rdata" section 000000007206f7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6652] entry point in ".rdata" section 00000000719c1590 ? C:\WINDOWS\system32\apphelp.dll [6652] entry point in ".rdata" section 000000007206f7c0 ? C:\WINDOWS\System32\wlidNSP.dll [6652] entry point in ".rdata" section 0000000073d18350 ? C:\WINDOWS\System32\wlidNSP.dll [6692] entry point in ".rdata" section 0000000073d18350 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6816] entry point in ".rdata" section 00000000719c1590 ? C:\WINDOWS\System32\wlidNSP.dll [6816] entry point in ".rdata" section 0000000073d18350 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [6816] entry point in ".rdata" section 000000007154a020 ? C:\WINDOWS\system32\ncryptsslp.dll [6816] entry point in ".rdata" section 000000006e3704f0 .text C:\Windows\System32\InstallAgent.exe[6280] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Windows\System32\InstallAgent.exe[6280] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Windows\System32\InstallAgent.exe[6280] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Windows\System32\InstallAgent.exe[6280] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Windows\System32\InstallAgent.exe[6280] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Windows\System32\InstallAgent.exe[6280] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Windows\System32\InstallAgentUserBroker.exe[6236] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Windows\System32\InstallAgentUserBroker.exe[6236] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Windows\System32\InstallAgentUserBroker.exe[6236] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Windows\System32\InstallAgentUserBroker.exe[6236] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Windows\System32\InstallAgentUserBroker.exe[6236] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Windows\System32\InstallAgentUserBroker.exe[6236] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [9112] entry point in ".rdata" section 00000000719c1590 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [9112] entry point in ".rdata" section 000000007154a020 .text C:\WINDOWS\system32\wbem\WmiApSrv.exe[8896] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\wbem\WmiApSrv.exe[8896] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\wbem\WmiApSrv.exe[8896] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\wbem\WmiApSrv.exe[8896] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\wbem\WmiApSrv.exe[8896] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\wbem\WmiApSrv.exe[8896] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6988] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[1512] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[1512] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[1512] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[1512] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[1512] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe[1512] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExA 00007ffcdc632730 12 bytes JMP 00007ffcd91d0420 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\USER32.dll!SetWindowsHookExW 00007ffcdc657490 9 bytes JMP 00007ffcd91d0458 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\USER32.dll!SetWinEventHook 00007ffcdc657d70 5 bytes JMP 00007ffcd91d0490 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\USER32.dll!EndTask 00007ffcdc693370 5 bytes JMP 00007ffcd91d01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2316] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\SYSTEM32\dbgcore.DLL [6420] entry point in ".rdata" section 000000007345c940 ? C:\WINDOWS\system32\wbem\wbemsvc.dll [6420] entry point in ".rdata" section 0000000071638fc0 ? C:\WINDOWS\System32\wlidNSP.dll [6420] entry point in ".rdata" section 0000000073d18350 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [6420] entry point in ".rdata" section 000000007154a020 ? C:\Windows\System32\ActXPrxy.dll [6420] entry point in ".rdata" section 0000000073f19c50 ? C:\WINDOWS\SYSTEM32\iertutil.dll [6420] entry point in ".rdata" section 00000000719c1590 ? C:\WINDOWS\system32\apphelp.dll [6420] entry point in ".rdata" section 000000007206f7c0 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[6744] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[6744] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[6744] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[6744] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[6744] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[6744] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[10096] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[10096] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[10096] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[10096] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[10096] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[10096] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\Windows\System32\smartscreen.exe[4384] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\Windows\System32\smartscreen.exe[4384] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\Windows\System32\smartscreen.exe[4384] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\Windows\System32\smartscreen.exe[4384] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\Windows\System32\smartscreen.exe[4384] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\Windows\System32\smartscreen.exe[4384] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 00007ffcdca8ed90 7 bytes JMP 00007ffcd91d0148 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtClose 00007ffcdcae62a0 8 bytes JMP 00007ffcd91d0110 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffcdcae71b0 8 bytes JMP 00007ffcd91d04c8 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\AUDIODG.EXE[5168] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 .text C:\WINDOWS\system32\DllHost.exe[9956] C:\WINDOWS\System32\GDI32.dll!DeleteDC 00007ffcdc332080 5 bytes JMP 00007ffcd91d0340 .text C:\WINDOWS\system32\DllHost.exe[9956] C:\WINDOWS\System32\GDI32.dll!CreateDCA 00007ffcdc3338a0 5 bytes JMP 00007ffcd91d0228 .text C:\WINDOWS\system32\DllHost.exe[9956] C:\WINDOWS\System32\GDI32.dll!CreateDCW 00007ffcdc334190 6 bytes JMP 00007ffcd91d0260 .text C:\WINDOWS\system32\DllHost.exe[9956] C:\WINDOWS\System32\GDI32.dll!GetPixel 00007ffcdc334660 5 bytes JMP 00007ffcd91d0298 .text C:\WINDOWS\system32\DllHost.exe[9956] C:\WINDOWS\System32\GDI32.dll!GdiAlphaBlend 00007ffcdc335450 6 bytes JMP 00007ffcd91d0308 .text C:\WINDOWS\system32\DllHost.exe[9956] C:\WINDOWS\System32\GDI32.dll!GdiTransparentBlt 00007ffcdc3354e0 6 bytes JMP 00007ffcd91d02d0 ? C:\WINDOWS\system32\apphelp.dll [4492] entry point in ".rdata" section 000000007206f7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8748] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[6056] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[7208] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[3488] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[9888] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10020] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[10176] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[8768] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcdc4d002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcdc7a002c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffca2dfa514] C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll IAT C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe[2088] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!GetStockObject] [7ffcdc4d006c] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [800:836] ffffc3e56bc06c20 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----