GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-04 20:55:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000078 TOSHIBA_ rev.JYTA 238,47GB
Running: 6n3z7x4s.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\pwliypog.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000778ba3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000778c3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000778dffd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000778ef3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077919c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077929710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077948ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feff0a4650 6 bytes JMP 000007fefdae0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feff0b5f10 7 bytes JMP 000007fefdae0260
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077531401 2 bytes JMP 76c4b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077531419 2 bytes JMP 76c4b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077531431 2 bytes JMP 76cc9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007753144a 2 bytes CALL 76c24885 C:\Windows\syswow64\kernel32.dll
.text ...                                                                          * 9
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000775314dd 2 bytes JMP 76cc8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000775314f5 2 bytes JMP 76cc8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007753150d 2 bytes JMP 76cc8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077531525 2 bytes JMP 76cc8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007753153d 2 bytes JMP 76c3fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077531555 2 bytes JMP 76c46907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007753156d 2 bytes JMP 76cc9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077531585 2 bytes JMP 76cc8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007753159d 2 bytes JMP 76cc88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000775315b5 2 bytes JMP 76c3fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000775315cd 2 bytes JMP 76c4b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000775316b2 2 bytes JMP 76cc90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[580]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000775316bd 2 bytes JMP 76cc8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076c28769 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17  0000000077531401 2 bytes JMP 76c4b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17  0000000077531419 2 bytes JMP 76c4b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17  0000000077531431 2 bytes JMP 76cc9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42  000000007753144a 2 bytes CALL 76c24885 C:\Windows\syswow64\kernel32.dll
.text ...                                                                          * 9
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17  00000000775314dd 2 bytes JMP 76cc8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  00000000775314f5 2 bytes JMP 76cc8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17  000000007753150d 2 bytes JMP 76cc8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000077531525 2 bytes JMP 76cc8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17  000000007753153d 2 bytes JMP 76c3fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!EnumProcesses + 17  0000000077531555 2 bytes JMP 76c46907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17  000000007753156d 2 bytes JMP 76cc9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17  0000000077531585 2 bytes JMP 76cc8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17  000000007753159d 2 bytes JMP 76cc88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17  00000000775315b5 2 bytes JMP 76c3fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17  00000000775315cd 2 bytes JMP 76c4b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000775316b2 2 bytes JMP 76cc90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe[2216]  C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  00000000775316bd 2 bytes JMP 76cc8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000778ba3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000778c3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000778dffd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000778ef3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077919c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077929710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077948ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feff0a4650 6 bytes JMP 000007fefdae0228
.text  C:\Program Files\Apoint2K\Apoint.exe[2556]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feff0b5f10 7 bytes JMP 000007fefdae0260
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000778ba3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000778c3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000778dffd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000778ef3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077919c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077929710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077948ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\Apoint2K\ApMsgFwd.exe[2672]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Program Files\Apoint2K\HidFind.exe[2904]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\Apoint2K\HidFind.exe[2904]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\Apoint2K\HidFind.exe[2904]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\Apoint2K\HidFind.exe[2904]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\Apoint2K\HidFind.exe[2904]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\Apoint2K\HidFind.exe[2904]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000778ba3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000778c3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000778dffd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000778ef3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077919c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077929710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077948ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\Apoint2K\Apntex.exe[2928]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feff0a4650 6 bytes JMP 000007fefdae0228
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feff0b5f10 7 bytes JMP 000007fefdae0260
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory  000007fef5b0dc88 5 bytes JMP 000007fef5ae00d8
.text  C:\Windows\system32\Dwm.exe[3320]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory1  000007fef5b0de10 5 bytes JMP 000007fef5ae0110
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076c21eee 7 bytes JMP 0000000071003980
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000076c25b85 7 bytes JMP 0000000071003fc0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000076c31409 7 bytes JMP 0000000071003bd0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  0000000076c3ea5d 7 bytes JMP 0000000071003970
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076cc90c4 5 bytes JMP 00000000710034c0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx + 6  0000000076cc90ca 1 byte INT3
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076cc9149 5 bytes JMP 0000000071003570
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000076cc949f 5 bytes JMP 00000000710034d0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  00000000771b1e4c 5 bytes JMP 0000000071003480
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  00000000771b1efa 5 bytes JMP 0000000071003440
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  00000000771b2bdc 5 bytes JMP 0000000071003580
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  00000000771b2e7e 5 bytes JMP 0000000071003290
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000077578a29 5 bytes JMP 0000000071002990
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000077585645 5 bytes JMP 0000000071003210
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007759f61f 5 bytes JMP 0000000071003280
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000775c0867 5 bytes JMP 00000000710027f0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000775d7af4 5 bytes JMP 00000000710031f0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007647e76f 5 bytes JMP 0000000071002ab0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007647e9a9 5 bytes JMP 0000000071002ac0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000076665dd5 5 bytes JMP 0000000071002950
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3508]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000076699c5b 5 bytes JMP 00000000710028e0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000778ba3f0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000778c3f00 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  00000000778dffd0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  00000000778ef3f0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077919c80 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077929710 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077948ab0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feff0a4650 6 bytes JMP 000007fefdae0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3516]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feff0b5f10 7 bytes JMP 000007fefdae0260
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdaf32f0 7 bytes JMP 000007fefdae00d8
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdafaa60 5 bytes JMP 000007fefdae0180
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdafac00 5 bytes JMP 000007fefdae0110
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb09ac0 5 bytes JMP 000007fefdae0148
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feff0a4650 6 bytes JMP 000007fefdae0228
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feff0b5f10 7 bytes JMP 000007fefdae0260
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff9a8810 8 bytes JMP 000007fefdae01f0
.text  C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe[3528]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff9ab9d0 8 bytes JMP 000007fefdae01b8
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076c21eee 7 bytes JMP 0000000071003980
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000076c25b85 7 bytes JMP 0000000071003fc0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000076c31409 7 bytes JMP 0000000071003bd0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  0000000076c3ea5d 7 bytes JMP 0000000071003970
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076cc90c4 5 bytes JMP 00000000710034c0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx + 6  0000000076cc90ca 1 byte INT3
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076cc9149 5 bytes JMP 0000000071003570
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000076cc949f 5 bytes JMP 00000000710034d0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  00000000771b1e4c 5 bytes JMP 0000000071003480
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  00000000771b1efa 5 bytes JMP 0000000071003440
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  00000000771b2bdc 5 bytes JMP 0000000071003580
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  00000000771b2e7e 5 bytes JMP 0000000071003290
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000077578a29 5 bytes JMP 0000000071002990
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000077585645 5 bytes JMP 0000000071003210
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007759f61f 5 bytes JMP 0000000071003280
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000775c0867 5 bytes JMP 00000000710027f0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000775d7af4 5 bytes JMP 00000000710031f0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007647e76f 5 bytes JMP 0000000071002ab0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007647e9a9 5 bytes JMP 0000000071002ac0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000076665dd5 5 bytes JMP 0000000071002950
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000076699c5b 5 bytes JMP 00000000710028e0
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3  0000000071f11003 2 bytes [F1, 71]
.text  C:\Windows\System32\TiltWheelMouse.exe[3556]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22  0000000071f11016 2 bytes [F1, 71]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076c21eee 7 bytes JMP 0000000071003980
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000076c25b85 7 bytes JMP 0000000071003fc0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000076c31409 7 bytes JMP 0000000071003bd0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  0000000076c3ea5d 7 bytes JMP 0000000071003970
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000076cc90c4 5 bytes JMP 00000000710034c0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx + 6  0000000076cc90ca 1 byte INT3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000076cc9149 5 bytes JMP 0000000071003570
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000076cc949f 5 bytes JMP 00000000710034d0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  00000000771b1e4c 5 bytes JMP 0000000071003480
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  00000000771b1efa 5 bytes JMP 0000000071003440
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  00000000771b2bdc 5 bytes JMP 0000000071003580
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  00000000771b2e7e 5 bytes JMP 0000000071003290
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000076665dd5 5 bytes JMP 0000000071002950
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000076699c5b 5 bytes JMP 00000000710028e0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  000000007647e76f 5 bytes JMP 0000000071002ab0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  000000007647e9a9 5 bytes JMP 0000000071002ac0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000077578a29 5 bytes JMP 0000000071002990
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000077585645 5 bytes JMP 0000000071003210
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007759f61f 5 bytes JMP 0000000071003280
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000775c0867 5 bytes JMP 00000000710027f0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  00000000775d7af4 5 bytes JMP 00000000710031f0
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000077531401 2 bytes JMP 76c4b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000077531419 2 bytes JMP 76c4b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000077531431 2 bytes JMP 76cc9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007753144a 2 bytes CALL 76c24885 C:\Windows\syswow64\kernel32.dll
.text ...                                                                          * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000775314dd 2 bytes JMP 76cc8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000775314f5 2 bytes JMP 76cc8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007753150d 2 bytes JMP 76cc8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077531525 2 bytes JMP 76cc8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007753153d 2 bytes JMP 76c3fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000077531555 2 bytes JMP 76c46907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007753156d 2 bytes JMP 76cc9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000077531585 2 bytes JMP 76cc8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007753159d 2 bytes JMP 76cc88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000775315b5 2 bytes JMP 76c3fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000775315cd 2 bytes JMP 76c4b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000775316b2 2 bytes JMP 76cc90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000775316bd 2 bytes JMP 76cc8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828]  C:\Program 
Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071f11003 2 bytes [F1, 71] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe[3828] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071f11016 2 bytes [F1, 71] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076c21eee 7 bytes JMP 0000000071003980 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076c25b85 7 bytes JMP 0000000071003fc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076c31409 7 bytes JMP 0000000071003bd0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076c3ea5d 7 bytes JMP 0000000071003970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076cc90c4 5 bytes JMP 00000000710034c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx + 6 0000000076cc90ca 1 byte INT3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076cc9149 5 bytes JMP 0000000071003570 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 
0000000076cc949f 5 bytes JMP 00000000710034d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771b1e4c 5 bytes JMP 0000000071003480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771b1efa 5 bytes JMP 0000000071003440 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771b2bdc 5 bytes JMP 0000000071003580 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771b2e7e 5 bytes JMP 0000000071003290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e76f 5 bytes JMP 0000000071002ab0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647e9a9 5 bytes JMP 0000000071002ac0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077578a29 5 bytes JMP 0000000071002990 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077585645 5 bytes JMP 0000000071003210 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007759f61f 5 bytes JMP 0000000071003280 .text C:\Program Files 
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000775c0867 5 bytes JMP 00000000710027f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000775d7af4 5 bytes JMP 00000000710031f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076665dd5 5 bytes JMP 0000000071002950 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076699c5b 5 bytes JMP 00000000710028e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071f11003 2 bytes [F1, 71] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3864] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071f11016 2 bytes [F1, 71] .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076c21eee 7 bytes JMP 0000000071003980 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076c25b85 7 bytes JMP 0000000071003fc0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076c31409 7 bytes JMP 0000000071003bd0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076c3ea5d 7 bytes JMP 0000000071003970 .text C:\Program Files 
(x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076cc90c4 5 bytes JMP 00000000710034c0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx + 6 0000000076cc90ca 1 byte INT3 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076cc9149 5 bytes JMP 0000000071003570 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076cc949f 5 bytes JMP 00000000710034d0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771b1e4c 5 bytes JMP 0000000071003480 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771b1efa 5 bytes JMP 0000000071003440 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771b2bdc 5 bytes JMP 0000000071003580 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771b2e7e 5 bytes JMP 0000000071003290 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077578a29 5 bytes JMP 0000000071002990 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077585645 5 bytes JMP 0000000071003210 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007759f61f 5 bytes JMP 0000000071003280 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000775c0867 5 bytes JMP 00000000710027f0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] 
C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000775d7af4 5 bytes JMP 00000000710031f0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e76f 5 bytes JMP 0000000071002ab0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647e9a9 5 bytes JMP 0000000071002ac0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076665dd5 5 bytes JMP 0000000071002950 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076699c5b 5 bytes JMP 00000000710028e0 .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071f11003 2 bytes [F1, 71] .text C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe[3884] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071f11016 2 bytes [F1, 71] .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778ba3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000778c3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000778dffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778ef3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077919c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] 
C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077929710 5 bytes JMP 000000006fff0148 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077948ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdaf32f0 7 bytes JMP 000007fefdae00d8 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdafaa60 5 bytes JMP 000007fefdae0180 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafac00 5 bytes JMP 000007fefdae0110 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb09ac0 5 bytes JMP 000007fefdae0148 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9a8810 8 bytes JMP 000007fefdae01f0 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ab9d0 8 bytes JMP 000007fefdae01b8 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0a4650 6 bytes JMP 000007fefdae0228 .text C:\Program Files\ESET\ESET Endpoint Security\egui.exe[1244] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0b5f10 7 bytes JMP 000007fefdae0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778ba3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000778c3f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] 
C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000778dffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778ef3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077919c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077929710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077948ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdaf32f0 7 bytes JMP 000007fefdae00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdafaa60 5 bytes JMP 000007fefdae0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafac00 5 bytes JMP 000007fefdae0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb09ac0 5 bytes JMP 000007fefdae0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9a8810 8 bytes JMP 000007fefdae01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ab9d0 8 bytes JMP 000007fefdae01b8 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778ba3f0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000778c3f00 
5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000778dffd0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778ef3f0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077919c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077929710 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077948ab0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdaf32f0 7 bytes JMP 000007fefdae00d8 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdafaa60 5 bytes JMP 000007fefdae0180 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafac00 5 bytes JMP 000007fefdae0110 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb09ac0 5 bytes JMP 000007fefdae0148 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9a8810 8 bytes JMP 000007fefdae01f0 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ab9d0 8 bytes JMP 000007fefdae01b8 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0a4650 6 bytes JMP 000007fefdae0228 .text C:\Windows\system32\igfxEM.exe[4544] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0b5f10 7 bytes JMP 000007fefdae0260 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778ba3f0 7 bytes JMP 000000006fff0228 
.text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000778c3f00 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000778dffd0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778ef3f0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077919c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077929710 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077948ab0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdaf32f0 7 bytes JMP 000007fefdae00d8 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdafaa60 5 bytes JMP 000007fefdae0180 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdafac00 5 bytes JMP 000007fefdae0110 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb09ac0 5 bytes JMP 000007fefdae0148 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff9a8810 8 bytes JMP 000007fefdae01f0 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff9ab9d0 8 bytes JMP 000007fefdae01b8 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0a4650 6 bytes JMP 000007fefdae0228 .text C:\Windows\system32\igfxHK.exe[4552] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0b5f10 7 bytes JMP 000007fefdae0260 .text 
C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076c21eee 7 bytes JMP 0000000071003980 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076c25b85 7 bytes JMP 0000000071003fc0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076c31409 7 bytes JMP 0000000071003bd0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076c3ea5d 7 bytes JMP 0000000071003970 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076cc90c4 5 bytes JMP 00000000710034c0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx + 6 0000000076cc90ca 1 byte INT3 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076cc9149 5 bytes JMP 0000000071003570 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076cc949f 5 bytes JMP 00000000710034d0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000771b1e4c 5 bytes JMP 0000000071003480 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000771b1efa 5 bytes JMP 0000000071003440 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000771b2bdc 5 bytes JMP 0000000071003580 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000771b2e7e 5 bytes JMP 0000000071003290 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007647e76f 5 bytes JMP 0000000071002ab0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007647e9a9 5 bytes JMP 0000000071002ac0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077578a29 5 bytes JMP 0000000071002990 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077585645 5 bytes JMP 0000000071003210 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007759f61f 5 bytes JMP 0000000071003280 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000775c0867 5 bytes JMP 00000000710027f0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000775d7af4 5 bytes JMP 00000000710031f0 .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071f11003 2 bytes [F1, 71] .text C:\Users\Toshiba\Desktop\6n3z7x4s.exe[5236] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071f11016 2 bytes [F1, 71] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e4b3186da91f Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\e4b3186da91f (not active ControlSet) ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini 41898 bytes ---- EOF - GMER 2.2 ----