GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-27 13:32:59 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB Running: pubvbbh6.exe; Driver: C:\Users\Izabela\AppData\Local\Temp\pwrdauog.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007fffb5d4d050 7 bytes JMP 00008000b3500500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007fffb5d7b170 5 bytes JMP 00008000b3500538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b34e0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b34e0298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b34e0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b34e02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b34e0308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b34e01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b34e0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b34e0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b34e00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b34e0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b34e0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b34e01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b34e0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd69690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b34e03e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b34e0378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b34e0458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b34e03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b34e0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd4fef90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b34e04c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007fffaa9bead0 4 bytes JMP 00007fffb34e05a8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9 00007fffaa9eeb90 6 bytes JMP 00007fffb34e0570 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007fffb5d4d050 7 bytes JMP 00008000b34e0500 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3208] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007fffb5d7b170 5 bytes JMP 00008000b34e0538 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\WINDOWS\system32\taskhostex.exe[3264] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4552] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Windows\System32\SettingSyncHost.exe[5532] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007fffb5d4d050 7 bytes JMP 00008000b3500500 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007fffb5d7b170 5 bytes JMP 00008000b3500538 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Windows\System32\skydrive.exe[5684] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007fffb5d4d050 7 bytes JMP 00008000b3500500 .text C:\Windows\System32\igfxpers.exe[3088] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007fffb5d7b170 5 bytes JMP 00008000b3500538 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Program Files\DellTPad\Apoint.exe[4164] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Program Files\DellTPad\ApMsgFwd.exe[2564] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Program Files\DellTPad\Apntex.exe[772] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffb5313e10 7 bytes JMP 00008000b3500260 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffb5313e20 7 bytes JMP 00008000b3500298 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffb53c39b0 7 bytes JMP 00008000b3500340 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffb53c3ef0 7 bytes JMP 00008000b35002d0 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffb53c3fe0 7 bytes JMP 00008000b3500308 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffb53f06c0 7 bytes JMP 00008000b35001f0 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffb53f0730 7 bytes JMP 00008000b3500228 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffb35121d0 5 bytes JMP 00008000b3500180 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffb35129d0 7 bytes JMP 00008000b35000d8 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffb3514310 5 bytes JMP 00008000b3500110 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffb3518d80 5 bytes JMP 00008000b3500148 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fffb358f0b0 5 bytes JMP 00008000b35001b8 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffb5776d90 1 byte JMP 00008000b3500420 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007fffb5776d92 8 bytes {JMP 0xfffffffffdd89690} .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffb57874a0 5 bytes JMP 00008000b35003e8 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffb5787560 9 bytes JMP 00008000b3500378 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fffb5787730 5 bytes JMP 00008000b3500458 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffb5796b10 5 bytes JMP 00008000b35003b0 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffb5fe1500 1 byte JMP 00008000b3500490 .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fffb5fe1502 6 bytes {JMP 0xfffffffffd51ef90} .text C:\Program Files\DellTPad\HidFind.exe[4012] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffb5fe1750 8 bytes JMP 00008000b35004c8 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [620:668] fffff960009812d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xD1 0xFC 0xB4 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x8E 0x34 0x39 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xD1 0xFC 0xB4 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xA9 0xBF 0x48 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 76 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO15A40_1B_07DA_41^7BA5E4ACC2EC384B7772A4F471FD0C67@Timestamp 0x59 0x60 0x20 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 584 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2EB24A42-17D4-4110-BE85-A60542EB899D}\Connection@Name Reusable ISATAP Interface {2EB24A42-17D4-4110-BE85-A60542EB899D} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900063 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1318527229 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 85 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 441183583 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4434 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 6d9de385-cc35-42d6-b9af-cc75219 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4ceb427cfd0c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4ceb427cfd0c@00000000763d 0xB6 0xE4 0x52 0xFC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{adafaf8f-f360-44b9-8f2b-afa221c4912d}@LastProbeTime 1430086468 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{2EB24A42-17D4-4110-BE85-A60542EB899D}@InterfaceName Reusable ISATAP Interface {2EB24A42-17D4-4110-BE85-A60542EB899D} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{2EB24A42-17D4-4110-BE85-A60542EB899D}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{4B5F05CC-4E81-43E2-8B70-4E7EA1BF5E02}@DefunctTimestamp 0x31 0x47 0x3D 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?N?, ?kwi ?26 ?15, 10:16:36???????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5551 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 3847 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 77 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F04F226-F0BE-49D0-89E6-F50607C8FD32}@LeaseObtainedTime 1430079219 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F04F226-F0BE-49D0-89E6-F50607C8FD32}@T1 1430381619 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F04F226-F0BE-49D0-89E6-F50607C8FD32}@T2 1430608419 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F04F226-F0BE-49D0-89E6-F50607C8FD32}@LeaseTerminatesTime 1430684019 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore@Type 4 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 2 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x9F 0xC1 0x49 0xC2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x9F 0xC1 0x49 0xC2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 282 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x9F 0xC1 0x49 0xC2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 282 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x9F 0xC1 0x49 0xC2 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xCF 0x6C 0xBA 0xA0 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63565675653150%3bID%3d47D54181243E4886!106%3bLR%3d63565676131500%3bEP%3d4%3bTD%3dTrue%3bSO%3d0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x60 0x0A 0x23 0x0E ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate 0x08 0x23 0x17 0x86 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[S2].txt Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 1 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_Windows Defender_fa82d174da8649064281f9587a602be16833c2_00000000_cab_1e79e09f Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x00 0x03 0x01 0x00 ... ---- Files - GMER 2.1 ---- File C:\ElsaWin\graphics\wi\R92-10153.png (size mismatch) 190117/55122 bytes executable File C:\ElsaWin\graphics\wi\S48-0228.png (size mismatch) 26096/23062 bytes executable File C:\ElsaWin\graphics\wi\R00-20319.png (size mismatch) 499712/123657 bytes executable File C:\ElsaWin\graphics\wi\R00-20320.png (size mismatch) 348160/27724 bytes executable File C:\ElsaWin\graphics\wi\R00-20324.png (size mismatch) 375808/116611 bytes executable File C:\ElsaWin\graphics\wi\R00-20325.png (size mismatch) 876544/67467 bytes executable File C:\ElsaWin\graphics\wi\R00-20326.png (size mismatch) 327680/128438 bytes executable File C:\ElsaWin\graphics\wi\S40-0301.png (size mismatch) 110592/22924 bytes executable File C:\ElsaWin\graphics\wi\S40-0302.png (size mismatch) 4218880/26282 bytes executable File C:\ElsaWin\graphics\wi\S40-0303.png (size mismatch) 32768/25454 bytes executable File C:\ElsaWin\graphics\wi\S40-0304.png (size mismatch) 417792/24331 bytes executable File C:\ElsaWin\graphics\wi\S40-0309.png (size mismatch) 790528/18408 bytes executable File C:\ElsaWin\graphics\wi\S40-0310.png (size mismatch) 86016/30953 bytes executable File C:\ElsaWin\graphics\wi\S40-0311.png (size mismatch) 114688/13051 bytes executable File C:\ElsaWin\graphics\wi\S40-0312.png (size mismatch) 118784/15170 bytes executable File C:\ElsaWin\graphics\wi\S40-0314.png (size mismatch) 806912/16784 bytes executable File C:\ElsaWin\graphics\wi\S40-0315.png (size mismatch) 28672/23748 bytes executable File C:\ElsaWin\graphics\wi\N20-11032.png (size mismatch) 35840/136465 bytes executable File C:\ElsaWin\graphics\wi\N20-11037.png (size mismatch) 29184/140547 bytes executable File C:\ElsaWin\graphics\wi\N20-11038.png (size mismatch) 140488/152085 bytes executable File C:\ElsaWin\graphics\wi\N20-11039.png (size mismatch) 115016/141008 bytes executable File C:\ElsaWin\graphics\wi\N42-10614.png (size mismatch) 17920/159890 bytes executable File C:\ElsaWin\graphics\wi\R00-20328.png (size mismatch) 192512/95553 bytes executable File C:\ElsaWin\graphics\wi\R00-20329.png (size mismatch) 647168/76126 bytes executable File C:\ElsaWin\graphics\wi\R34-10208.png (size mismatch) 135168/89475 bytes executable File C:\ElsaWin\graphics\wi\R34-10209.png (size mismatch) 323584/86483 bytes executable File C:\ElsaWin\graphics\wi\R34-10214.png (size mismatch) 274432/105163 bytes executable File C:\ElsaWin\graphics\wi\R00-20327.png (size mismatch) 327680/62054 bytes executable File C:\ElsaWin\graphics\wi\R20-10076.png (size mismatch) 303104/9974 bytes executable File C:\ElsaWin\graphics\wi\R20-10077.png (size mismatch) 483328/7820 bytes executable File C:\ElsaWin\graphics\wi\R72-10158.png (size mismatch) 41183/129056 bytes executable File C:\ElsaWin\graphics\wi\R57-10079.png (size mismatch) 413696/29833 bytes executable File C:\ElsaWin\graphics\wi\S30-0156.png (size mismatch) 147728/39888 bytes executable File C:\ElsaWin\graphics\wi\S30-0158.png (size mismatch) 22288/27720 bytes executable File C:\ElsaWin\graphics\wi\S30-0161.png (size mismatch) 242448/20155 bytes executable File C:\ElsaWin\graphics\wi\S30-0167.png (size mismatch) 1388544/27384 bytes executable File C:\ElsaWin\graphics\wi\R66-10305.png (size mismatch) 53248/103225 bytes executable File C:\ElsaWin\graphics\wi\R66-10307.png (size mismatch) 487424/129737 bytes executable File C:\ElsaWin\graphics\wi\R57-10078.png (size mismatch) 486400/196648 bytes executable File C:\ElsaWin\graphics\wi\S40-0272.png (size mismatch) 4311442/29648 bytes executable File C:\ElsaWin\graphics\wi\R64-10107.png (size mismatch) 53248/199319 bytes executable File C:\ElsaWin\graphics\wi\R66-10338.png (size mismatch) 487424/70340 bytes executable File C:\ElsaWin\graphics\wi\R66-10340.png (size mismatch) 372736/154024 bytes executable File C:\ElsaWin\graphics\wi\R66-10341.png (size mismatch) 190117/171218 bytes executable File C:\ElsaWin\graphics\wi\R24-10058.png (size mismatch) 221184/93248 bytes executable File C:\ElsaWin\graphics\wi\R24-10059.png (size mismatch) 270336/11780 bytes executable File C:\ElsaWin\graphics\wi\R24-10060.png (size mismatch) 1183744/9681 bytes executable File C:\ElsaWin\graphics\wi\R30-10039.png (size mismatch) 155648/24327 bytes executable File C:\ElsaWin\graphics\wi\R30-10040.png (size mismatch) 700416/94877 bytes executable File C:\ElsaWin\graphics\wi\R39-10035.png (size mismatch) 643072/9538 bytes executable File C:\ElsaWin\graphics\wi\R87-10112.png (size mismatch) 487424/11820 bytes executable File C:\Windows\FileManager\Assets\PhotosLargeLogo.scale-80.png (size mismatch) 166445/1169 bytes executable File C:\Windows\System32\en-US\certutil.exe.mui (size mismatch) 67112/141312 bytes executable File C:\Windows\SysWOW64\en-US\certutil.exe.mui (size mismatch) 67112/141312 bytes executable File C:\Windows\WinStore\AppxManifest.xml (size mismatch) 137009/1733 bytes executable ---- EOF - GMER 2.1 ----