GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-01 11:30:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_830_Series rev.CXM03B1Q 59,63GB Running: ojdxz7ym.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\fxldapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1592] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3120] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3532] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007feed04dc88 5 bytes JMP 000007ffed0200d8 .text C:\Windows\system32\Dwm.exe[1860] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007feed04de10 5 bytes JMP 000007ffed020110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Program Files\Dell\QuickSet\quickset.exe[5324] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1332] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Windows\System32\igfxpers.exe[5200] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1756] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6236] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[6412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[6412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[6412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[6412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[6412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe[6412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6564] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6576] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe[6620] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[6628] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b ? C:\Windows\system32\mssprxy.dll [6628] entry point in ".rdata" section 0000000074a671e6 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Windows\system32\wbem\unsecapp.exe[6668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Users\Sebastian\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6676] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[6912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[6920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6928] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[6996] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe[7040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[6340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6380] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[5252] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe[1840] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[6152] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007785fc4c 5 bytes JMP 000000007ef938b1 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Windows\SysWOW64\msiexec.exe[11028] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW 00000000755c4889 5 bytes JMP 000000007ef943bd .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe[12088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d21401 2 bytes JMP 7723b1ef C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d21419 2 bytes JMP 7723b31a C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d21431 2 bytes JMP 772b8f09 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d2144a 2 bytes CALL 77214885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d214dd 2 bytes JMP 772b8802 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d214f5 2 bytes JMP 772b89d8 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d2150d 2 bytes JMP 772b86f8 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d21525 2 bytes JMP 772b8ac2 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d2153d 2 bytes JMP 7722fc78 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d21555 2 bytes JMP 772368bf C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d2156d 2 bytes JMP 772b8fc1 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d21585 2 bytes JMP 772b8b22 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d2159d 2 bytes JMP 772b86bc C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d215b5 2 bytes JMP 7722fd11 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d215cd 2 bytes JMP 7723b2b0 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d216b2 2 bytes JMP 772b8e84 C:\Windows\syswow64\kernel32.dll .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d216bd 2 bytes JMP 772b8651 C:\Windows\syswow64\kernel32.dll .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757f360 5 bytes JMP 000000016fff0148 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a9ab0 7 bytes JMP 000000016fff00d8 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b9540 5 bytes JMP 000000016fff0180 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b96b0 5 bytes JMP 000000016fff0110 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775d8860 7 bytes JMP 000000016fff01b8 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Users\Sebastian\Downloads\FRST64 (1).exe[8116] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd453460 7 bytes JMP 000007fffd4400d8 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a590 6 bytes JMP 000007fffd440148 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46ac00 5 bytes JMP 000007fffd440180 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd46ada0 5 bytes JMP 000007fffd440110 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeed89e0 8 bytes JMP 000007fffd4401f0 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeedbe40 8 bytes JMP 000007fffd4401b8 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff347490 11 bytes JMP 000007fffd440228 .text C:\Windows\system32\taskeng.exe[10528] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff35bf00 7 bytes JMP 000007fffd440260 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772213e1 7 bytes JMP 0000000174bc128f .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007723b1ef 5 bytes JMP 0000000174bc159b .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000772b8e84 7 bytes JMP 0000000174bc1339 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000772b8f09 5 bytes JMP 0000000174bc16b8 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000772b925f 5 bytes JMP 0000000174bc101e .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771c1d29 5 bytes JMP 0000000174bc11d1 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771c1dd7 5 bytes JMP 0000000174bc1019 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771c2ab1 5 bytes JMP 0000000174bc154b .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771c2d17 5 bytes JMP 0000000174bc1276 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 0000000174bc15b4 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 0000000174bc119a .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076ec5ea5 5 bytes JMP 0000000174bc15e6 .text C:\Users\Sebastian\Downloads\ojdxz7ym.exe[4496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ef9d0b 5 bytes JMP 0000000174bc122b ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\mfevtps.exe[2652] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f3dbbe0] C:\Windows\system32\mfevtps.exe IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memcpy] [706c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_CxxThrowException] [756f43207473614c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [7265746e] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!realloc] [6c6548207473614c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_onexit] [70] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_lock] [62006f006c0047] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!__dllonexit] [6c0061] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_unlock] [650072006f0046] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!?terminate@@YAXXZ] [6e00670069] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_amsg_exit] [740073006f0043] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_initterm] [79006c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_XcptFilter] [66726570627375] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memset] [d9185390449e5347] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!memcpy_s] [167df3d96] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_purecall] [2e66726570627375] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!malloc] [626470] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!free] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_iob] [ccccc300000001b8] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_errno] [53c48b48cccccccc] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!wcsncpy_s] [ff3370ec83485756] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_vsnwprintf] [8bd8788948107889] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!strncmp] [1778d0000275305] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!fprintf] [27480589c603] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!_vsnprintf] [5f0850fc63b] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[msvcrt.dll!__CxxFrameHandler3] [75000027413d3948] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[USER32.dll!UnregisterClassA] [6f43207473726946] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[USER32.dll!CharNextW] [7265746e75] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemFree] [2c1c748c0334500] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemRealloc] [2024448948800000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoCreateInstance] [4bbfffffd4a15ff] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ole32.dll!CoTaskMemAlloc] [98248489000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlCaptureContext] [fffffd6815ffc933] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlLookupFunctionEntry] [4800002729058948] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[ntdll.dll!RtlVirtualUnwind] [bd158d486024448d] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrlenA] [7fefdbbab00] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LocalAlloc] [7fefdbbabc0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!ReleaseMutex] [7fefdbbade0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!WaitForSingleObject] [7fefdbba540] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!DeleteFileA] [7fefdbc74e0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetLocalTime] [7fefdbc4e60] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CopyFileA] [7fefdbbde60] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FormatMessageW] [7fefdc01be0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OutputDebugStringW] [7fefdbc4c80] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FlushViewOfFile] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CreateFileA] [7758c090] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LocalFree] [775533e0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentThread] [775db860] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SetLastError] [77559020] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetVersionExW] [7758b9a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OutputDebugStringA] [7758ba00] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [7758bae0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!UnhandledExceptionFilter] [77555190] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!TerminateProcess] [77561a70] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [77553360] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentProcessId] [77561580] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetCurrentThreadId] [775559a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!MapViewOfFile] [77561510] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!UnmapViewOfFile] [77553380] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FindResourceW] [77554ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!FreeLibrary] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryExW] [7feff91bfd4] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetModuleHandleW] [7feff8d10ac] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!WideCharToMultiByte] [7feff8d137c] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryW] [7feff910b58] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!SizeofResource] [7feff8d10e0] C:\Windows\system32\msvcrt.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetModuleFileNameW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!MultiByteToWideChar] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrlenW] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!RaiseException] [7fef9041e28] C:\Windows\system32\msscntrs.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetLastError] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetProcAddress] [4a5bcc0400000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!lstrcmpiW] [123800000024] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!OpenFileMappingW] [638] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetShortPathNameW] [7fef9043470] C:\Windows\system32\msscntrs.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!CloseHandle] [7fef9043510] C:\Windows\system32\msscntrs.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!LoadLibraryExA] [49a0499f66c1aa3c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!DelayLoadFailureHook] [7649f35e261a5a9] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetVersionExA] [435c4d4554535953] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!GetTickCount] [6f43746e65727275] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!Sleep] [7465536c6f72746e] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\msscntrs.dll[KERNEL32.dll!QueryPerformanceCounter] [656369767265535c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!memset] [4400726576726553] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!_amsg_exit] [7672655372657473] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!_initterm] [6e65704f007265] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!_XcptFilter] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!malloc] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!free] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[msvcrt.dll!memcpy] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ntdll.dll!RtlLookupFunctionEntry] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ntdll.dll!RtlVirtualUnwind] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ntdll.dll!RtlCaptureContext] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [66746e69727077] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetCurrentProcess] [6d636e72747304bb] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!UnhandledExceptionFilter] [6972706604330070] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetModuleHandleExA] [765f03520066746e] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!FreeLibrary] [66746e6972706e73] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!SetEvent] [626f695f016f0000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!WaitForSingleObjectEx] [636d656d04800000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!InitializeCriticalSectionAndSpinCount] [435f004c00007970] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!CreateEventA] [45776f7268547878] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!lstrlenW] [78435f5f00570000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!FreeLibraryAndExitThread] [6148656d61724678] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetLastError] [3372656c646e] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!DisableThreadLibraryCalls] [1111a00000000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!TerminateProcess] [110e800000005] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!CreateThread] [11110000110fc] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!MultiByteToWideChar] [a8240000ac60] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetProcAddress] [b0240000ad44] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!LoadLibraryA] [111270000a684] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!Sleep] [111350001112d] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!QueryPerformanceCounter] [1115b00011147] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetTickCount] [3000200010000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetCurrentThreadId] [746e636d6b700004] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetCurrentProcessId] [43006c6c642e7372] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [6c6f430065736f6c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[KERNEL32.dll!CloseHandle] [6c6c44007463656c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!NotifyServiceStatusChangeA] [656c654400d50000] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!CloseServiceHandle] [41656c69466574] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!OpenServiceA] [6f4674696157050c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegCloseKey] [4f656c676e695372] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegOpenKeyExA] [3fe007463656a62] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!DeregisterEventSource] [4d657361656c6552] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegQueryValueExA] [348000078657475] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!RegisterEventSourceA] [6c6c416c61636f4c] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!OpenSCManagerA] [4e52454b0000636f] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\rasctrs.dll[ADVAPI32.dll!QueryServiceStatus] [6c6c642e32334c45] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[msvcrt.dll!_amsg_exit] [77558d70] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[msvcrt.dll!free] [77555ae0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[msvcrt.dll!_initterm] [77562130] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[msvcrt.dll!_XcptFilter] [77561ff0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[msvcrt.dll!memmove] [77556420] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[msvcrt.dll!memset] [77558d90] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!OpenSCManagerA] [7755bf20] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!QueryServiceStatus] [77553c60] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!RegOpenKeyExA] [775615a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!RegQueryValueExA] [77561530] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!CloseServiceHandle] [77550980] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!OpenServiceA] [7754ae30] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[ADVAPI32.dll!RegCloseKey] [775d5440] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [7754ac00] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!TerminateProcess] [7758c680] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GetCurrentThreadId] [77561bf0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GetTickCount] [77553c40] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GetCurrentProcess] [775533c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!UnhandledExceptionFilter] [775617f0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [7754cdb0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!RtlVirtualUnwind] [775448d0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!RtlLookupFunctionEntry] [77559020] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!RtlCaptureContext] [775db860] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GetCurrentProcessId] [77555190] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GlobalAlloc] [7758c090] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GetProcAddress] [775533e0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!GlobalFree] [77554ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!LoadLibraryA] [77553380] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!Sleep] [7754d830] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\tapiperf.dll[KERNEL32.dll!QueryPerformanceCounter] [77561f80] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[msvcrt.dll!_amsg_exit] [77555a20] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[msvcrt.dll!free] [77554ff0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[msvcrt.dll!_initterm] [77562090] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[msvcrt.dll!malloc] [77556510] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[msvcrt.dll!_XcptFilter] [77561580] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[msvcrt.dll!memmove] [775559a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!WmiOpenBlock] [7fefdbc74c0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!WmiQueryAllDataW] [7fefdbbadc4] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!WmiCloseBlock] [7fefdbba30c] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!DeregisterEventSource] [7fefdbc4e60] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!RegisterEventSourceA] [7fefdbbde60] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!RegCloseKey] [7fefdbba540] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!RegOpenKeyExA] [7fefdbc4c80] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!ReportEventA] [7fefdbc74e0] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[ADVAPI32.dll!RegQueryValueExA] [7fefdbba320] C:\Windows\system32\ADVAPI32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!TerminateProcess] [0] IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [77559020] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!UnhandledExceptionFilter] [77555190] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [775db860] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!RtlVirtualUnwind] [7758c4a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!RtlLookupFunctionEntry] [77555ac0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!RtlCaptureContext] [775533a0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!GetCurrentProcess] [775619f0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!HeapFree] [775505c0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!Sleep] [77553360] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!QueryPerformanceCounter] [77544ef0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!GetTickCount] [775617d0] C:\Windows\system32\kernel32.dll IAT C:\Windows\system32\wbem\wmiprvse.exe[1464] @ C:\Windows\system32\usbperf.dll[KERNEL32.dll!GetCurrentProcessId] [77555c20] C:\Windows\system32\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2764] 00000000778927e5 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2780] 00000000778813b5 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2864] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2868] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2872] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2876] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2880] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2884] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2888] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2892] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2896] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2908] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2912] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2916] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2920] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2924] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2928] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2932] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2936] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2940] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2336] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2332] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2260] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2368] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2520] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2476] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2472] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2448] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2444] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2528] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2792] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:2808] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3080] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3160] 00000000778927e5 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3200] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3208] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3212] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3216] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3224] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3236] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:3240] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:4540] 0000000071ad29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2680:4556] 0000000071ad29e1 Thread C:\Windows\SysWOW64\msiexec.exe [11028:11052] 000000007ef9392e ---- Processes - GMER 2.1 ---- Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (Python Core/Python Software Foundation)(2015-05-01 08:19:12) 000000001e000000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001e8c0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001e7a0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000000340000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000000260000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000010000000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001e800000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000002db0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000002e70000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (wxWidgets for MSW/wxWidgets development team)(2015-05-01 08:19:12) 0000000002fa0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (wxWidgets for MSW/wxWidgets development team)(2015-05-01 08:19:13) 00000000004a0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (wxWidgets for MSW/wxWidgets development team)(2015-05-01 08:19:13) 0000000003190000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (wxWidgets for MSW/wxWidgets development team)(2015-05-01 08:19:13) 0000000003630000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000003f70000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000004040000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (wxWidgets for MSW/wxWidgets development team)(2015-05-01 08:19:13) 0000000004110000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000043d0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000044e0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000045a0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001d100000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000007f0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001d1a0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001ea10000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001ec80000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000000510000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001ea40000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001e9b0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001eaa0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001e980000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000000530000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380] (wxWidgets for MSW/wxWidgets development team)(2015-05-01 08:19:13) 0000000000830000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000002070000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\_yappi.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 0000000002080000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001ebf0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000057a0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000041b0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001eb90000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000020a0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001eb60000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001ec20000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 000000001ed40000 Library C:\Users\SEBAST~1\AppData\Local\Temp\_MEI65762\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6380](2015-05-01 08:19:12) 00000000041e0000 Library C:\Users\SEBAST~1\AppData\Local\Temp\cdo1325933800.dll (*** suspicious ***) @ C:\Windows\SysWOW64\msiexec.exe [11028] (Microsoft CDO for Windows Library/Microsoft Corporation)(2015-04-28 10:14:27) 0000000000480000 ---- Files - GMER 2.1 ---- File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_02fcf2 905663 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_02fcf3 32352 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_02fcf4 0 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030546 21698 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030547 19903 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030548 18386 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030549 18694 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03054a 21266 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03054b 17972 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03054c 18824 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03054d 16815 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03054e 18073 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03054f 18926 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030552 38919 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0304e1 0 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0304f5 0 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030509 17051 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_03051d 16391 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030531 20277 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_030545 20844 bytes File C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_02fcf1 33609 bytes File C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4PWLDPI\clients[3].txt 1 bytes ---- EOF - GMER 2.1 ----