GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-23 20:42:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB Running: m57g1hli.exe; Driver: C:\Users\PAWE~1\AppData\Local\Temp\kxldapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003604000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff80003604042 4 bytes [00, 00, 00, 00] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1552] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef4d4dc88 5 bytes JMP 000007fff4b400d8 .text C:\Windows\system32\Dwm.exe[2288] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef4d4de10 5 bytes JMP 000007fff4b40110 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76] .text ... * 2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2556] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Windows\SysWOW64\PnkBstrA.exe[2608] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071631a22 2 bytes [63, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2608] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071631ad0 2 bytes [63, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2608] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071631b08 2 bytes [63, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2608] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071631bba 2 bytes [63, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2608] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071631bda 2 bytes [63, 71] .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Windows\system32\taskeng.exe[2824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76] .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76] .text ... * 2 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Windows\system32\taskeng.exe[3028] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76] .text C:\Windows\AsScrPro.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3184] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7212460 5 bytes JMP 000007fefc2102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3424] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef72496b0 6 bytes JMP 000007fefc210298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3816] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Windows\System32\igfxpers.exe[3168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Program Files\Elantech\ETDCtrl.exe[1724] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc1c0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc1c00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc1c0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc1c0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc1c01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc1c01b8 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe[4300] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[4340] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a81465 2 bytes [A8, 76] .text C:\Program Files (x86)\AVG Nation toolbar\vprot.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a814bb 2 bytes [A8, 76] .text ... * 2 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc977490 11 bytes JMP 000007fffc210228 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc98bf00 7 bytes JMP 000007fffc210260 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Windows\system32\wbem\unsecapp.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076ebaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076ec4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076ee2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076eeefe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f199b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f294d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076f29640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076f4a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc222db0 5 bytes JMP 000007fffc210180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc2237d0 7 bytes JMP 000007fffc2100d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc228ef0 6 bytes JMP 000007fffc210148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc23af60 5 bytes JMP 000007fffc210110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc5c89e0 8 bytes JMP 000007fffc2101f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc5cbe40 8 bytes JMP 000007fffc2101b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5276] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5344] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5360] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe[2860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076901eee 7 bytes JMP 00000001715c168b .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076905b85 7 bytes JMP 00000001715c11a4 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769113e1 7 bytes JMP 00000001715c1280 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007691ea0d 7 bytes JMP 00000001715c123a .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007692b1d3 5 bytes JMP 00000001715c15a0 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000769a88b4 7 bytes JMP 00000001715c132f .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000769a8939 5 bytes JMP 00000001715c16cc .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769a8c8f 5 bytes JMP 00000001715c1703 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000764c1d1b 5 bytes JMP 00000001715c11bd .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000764c1dc9 5 bytes JMP 00000001715c1014 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000764c2aa4 5 bytes JMP 00000001715c154b .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000764c2d0a 5 bytes JMP 00000001715c1267 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e4e96b 5 bytes JMP 00000001715c15b9 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e4eba5 5 bytes JMP 00000001715c1181 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cd8a29 5 bytes JMP 00000001715c171c .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076ce4572 5 bytes JMP 00000001715c10a0 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cfe567 5 bytes JMP 00000001715c140b .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d37a5c 5 bytes JMP 00000001715c15c8 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076225ea5 5 bytes JMP 00000001715c15f0 .text C:\Users\Paweł\Desktop\gm\m57g1hli.exe[4448] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076259d0b 5 bytes JMP 00000001715c1217 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001044e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001044c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001045614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001045a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800104586c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa800491e2c0 Device \FileSystem\fastfat \Fat fffffa800990c2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800729a2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8006ae72c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{59374CE9-F269-46BC-B28C-A822B80C8DD1} fffffa8006b742c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800729a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{11757088-B835-41ED-AE07-C9126B71B9B1} fffffa8006b742c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{04B95E83-61DF-48AA-AD3F-BCCACCE0A11F} fffffa8006b742c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800729a2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006b742c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800729a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{DFCD105D-E821-4493-B8C9-99BBB1AACC4A} fffffa8006b742c0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dce9904 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dce9904@e4ec100d2e3b 0xE4 0xF6 0x6F 0x2E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dce9904@ec9b5bfa66eb 0x20 0x4F 0x82 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dce9904@6ce90722e4d0 0x58 0x2F 0xED 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dce9904@0c715dc4fb10 0x28 0xC8 0x69 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 13312 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dce9904 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dce9904@e4ec100d2e3b 0xE4 0xF6 0x6F 0x2E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dce9904@ec9b5bfa66eb 0x20 0x4F 0x82 0x3E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dce9904@6ce90722e4d0 0x58 0x2F 0xED 0xF6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dce9904@0c715dc4fb10 0x28 0xC8 0x69 0xF1 ... ---- EOF - GMER 2.1 ----