GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-27 14:55:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ATA_____ rev.CC44 931,51GB Running: y2un1uvy.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\kgloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\services.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\system32\ws2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\Dwm.exe[1476] C:\Windows\system32\ws2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\WS2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\system32\taskhost.exe[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1776] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\taskhost.exe[1776] C:\Windows\system32\ws2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\taskhost.exe[1776] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\taskhost.exe[1776] C:\Windows\system32\ws2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Windows\System32\rundll32.exe[2024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\System32\rundll32.exe[2024] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\System32\rundll32.exe[2024] C:\Windows\system32\ws2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\System32\rundll32.exe[2024] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\System32\rundll32.exe[2024] C:\Windows\system32\ws2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 00000000754430aa 7 bytes JMP 0000000100210095 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000075446bd8 7 bytes JMP 000000010021002d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000075447142 7 bytes JMP 00000001002100c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 000000007544cc3a 7 bytes JMP 0000000100210061 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076109d0b 5 bytes JMP 000000010014a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 000000010014a630 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 000000010014ab40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 000000010014abb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 000000010014ac90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 000000010014ac50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 000000010014ac10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 000000010014ad10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 000000010014abe0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 000000010014acd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 000000010014acf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 000000010014ae40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 000000010014aec0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 000000010014af00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 000000010014af40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 000000010014af80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 000000010014b000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 000000010014b060 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 000000010014b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 000000010014a690 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 000000010014a770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 000000010014a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 000000010014a990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1160] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 000000010014aa80 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076109d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[1264] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutClose 000007fefa6236ac 5 bytes JMP 000007fefe2501f0 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fefa623770 5 bytes JMP 000007fefe250298 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fefa6238d0 5 bytes JMP 000007fefe2501b8 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fefa623ca4 5 bytes JMP 000007fefe250260 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefa623d40 5 bytes JMP 000007fefe250228 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInOpen 000007fefa627fe0 7 bytes JMP 000007fefe250378 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa62a38c 5 bytes JMP 000007fefe2502d0 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fefa6449f0 5 bytes JMP 000007fefe250308 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fefa644ab0 5 bytes JMP 000007fefe250340 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInClose 000007fefa6452e0 5 bytes JMP 000007fefe2503b0 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fefa6453c0 5 bytes JMP 000007fefe250490 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fefa645454 5 bytes JMP 000007fefe2504c8 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fefa645514 5 bytes JMP 000007fefe250500 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInStart 000007fefa6455a4 6 bytes JMP 000007fefe2503e8 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInStop 000007fefa6455e4 6 bytes JMP 000007fefe250420 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInReset 000007fefa645624 5 bytes JMP 000007fefe250458 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fefa64567c 5 bytes JMP 000007fefe250538 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef8656944 7 bytes JMP 000007fefe250180 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef8675a84 7 bytes JMP 000007fefe250148 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef8675b90 7 bytes JMP 000007fefe250570 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef8675c94 7 bytes JMP 000007fefe2505a8 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef8675da8 5 bytes JMP 000007fefe2505e0 .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\ws2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\ws2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\ws2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system\HsMgr64.exe[1356] C:\Windows\system32\ws2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text D:\Rainlendar2\Rainlendar2.exe[1656] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text D:\Rainlendar2\Rainlendar2.exe[1656] C:\Windows\system32\WS2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text D:\Rainlendar2\Rainlendar2.exe[1656] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text D:\Rainlendar2\Rainlendar2.exe[1656] C:\Windows\system32\WS2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076109d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 000000011000ab40 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 000000011000ad10 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 000000011000abe0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 000000011000acd0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 000000011000acf0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 000000011000ae40 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 000000011000af00 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 000000011000af40 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 000000011000af80 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 000000011000b000 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 000000011000b060 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 000000011000a690 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 000000011000a770 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 000000011000a990 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1528] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 000000011000aa80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe[2404] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe[2528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe[2588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[3060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076109d0b 5 bytes JMP 000000010053a4d0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 000000010053a630 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 000000010053ab40 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 000000010053abb0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 000000010053ac90 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 000000010053ac50 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 000000010053ac10 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 000000010053ad10 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 000000010053abe0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 000000010053acd0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 000000010053acf0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 000000010053ae40 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 000000010053aec0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 000000010053af00 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 000000010053af40 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 000000010053af80 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 000000010053b000 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 000000010053b060 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 000000010053b0d0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 000000010053a690 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 000000010053a770 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 000000010053a8a0 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 000000010053a990 .text C:\Program Files (x86)\Gaming Mouse\hid.exe[1248] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 000000010053aa80 .text C:\Program Files\AVAST Software\Avast\avastui.exe[1620] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075a38791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076109d0b 5 bytes JMP 00000001002da4d0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 00000001002da630 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 00000001002dab40 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 00000001002dabb0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 00000001002dac90 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 00000001002dac50 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 00000001002dac10 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 00000001002dad10 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 00000001002dabe0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 00000001002dacd0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 00000001002dacf0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 00000001002dae40 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 00000001002daec0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 00000001002daf00 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 00000001002daf40 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 00000001002daf80 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 00000001002db000 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 00000001002db060 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 00000001002db0d0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 00000001002da690 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 00000001002da770 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 00000001002da8a0 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 00000001002da990 .text C:\Program Files (x86)\Gaming Mouse\trayicon.exe[2200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 00000001002daa80 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000076109d0b 5 bytes JMP 000000010028a4d0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\syswow64\ole32.DLL!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 000000010028a630 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 000000010028ab40 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 000000010028abb0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 000000010028ac90 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 000000010028ac50 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 000000010028ac10 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 000000010028ad10 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 000000010028abe0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 000000010028acd0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 000000010028acf0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 000000010028ae40 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 000000010028aec0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 000000010028af00 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 000000010028af40 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 000000010028af80 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 000000010028b000 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 000000010028b060 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 000000010028b0d0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 000000010028a690 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 000000010028a770 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 000000010028a8a0 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 000000010028a990 .text D:\Ad Muncher\AdMunch.exe[1200] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 000000010028aa80 .text D:\HTC\HSMServiceEntry.exe[3020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[2904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2972] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Windows\system32\PnkBstrA.exe[2876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Windows\system32\PnkBstrA.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Windows\system32\PnkBstrA.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000774cef8d 1 byte [62] .text D:\HTC\HTC Sync\adb.exe[4176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4684] C:\Windows\system32\WS2_32.dll!connect + 1 000007feff8345c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Windows\system32\wbem\unsecapp.exe[4684] C:\Windows\system32\WS2_32.dll!getsockname 000007feff839480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Windows\system32\wbem\unsecapp.exe[4684] C:\Windows\system32\WS2_32.dll!WSAConnect 000007feff85e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Windows\system32\wbem\unsecapp.exe[4684] C:\Windows\system32\WS2_32.dll!getpeername 000007feff85e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076109d0b 5 bytes JMP 000000010047a4d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076109d4e 5 bytes JMP 000000010047a630 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e81465 2 bytes [E8, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e814bb 2 bytes [E8, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000711c451e 5 bytes JMP 000000010047ab40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000711c4b6d 5 bytes JMP 000000010047abb0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000711c4bf2 5 bytes JMP 000000010047ac90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000711c4f0f 5 bytes JMP 000000010047ac50 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000711c4f7b 5 bytes JMP 000000010047ac10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000711c9054 5 bytes JMP 000000010047ad10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000711cadf9 5 bytes JMP 000000010047abe0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000711e52e8 5 bytes JMP 000000010047acd0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000711e535f 5 bytes JMP 000000010047acf0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000711e59cc 5 bytes JMP 000000010047ae40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 00000000711e5a6a 5 bytes JMP 000000010047aec0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 00000000711e5ad7 5 bytes JMP 000000010047af00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 00000000711e5b5b 5 bytes JMP 000000010047af40 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInStart 00000000711e5bba 5 bytes JMP 000000010047af80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInStop 00000000711e5bee 5 bytes JMP 000000010047b000 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInReset 00000000711e5c22 5 bytes JMP 000000010047b060 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 00000000711e5c67 5 bytes JMP 000000010047b0d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 000000006fe47e3d 5 bytes JMP 000000010047a690 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006fe7de69 5 bytes JMP 000000010047a770 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006fe8d2c5 5 bytes JMP 000000010047a8a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006fe8d371 5 bytes JMP 000000010047a990 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4728] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006fe8d429 5 bytes JMP 000000010047aa80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe[4296] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] .text C:\Users\Piotr\Desktop\y2un1uvy.exe[3788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075a5a2fd 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4428:4952] 000007fefb8f2bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4428:4960] 000007feeeee4830 Thread C:\Windows\System32\svchost.exe [2192:4248] 000007feee5c9688 ---- EOF - GMER 2.1 ----