GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-16 16:55:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: 61ddvb3m.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1460] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e21465 2 bytes [E2, 75] .text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e214bb 2 bytes [E2, 75] .text ... * 2 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef804dc88 5 bytes JMP 000007fff7e400d8 .text C:\Windows\system32\Dwm.exe[1916] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef804de10 5 bytes JMP 000007fff7e40110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2004] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Windows\system32\taskeng.exe[1056] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Windows\SysWOW64\ACEngSvr.exe[2312] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2864] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e21465 2 bytes [E2, 75] .text C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e214bb 2 bytes [E2, 75] .text ... * 2 .text C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e21465 2 bytes [E2, 75] .text C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe[3164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e214bb 2 bytes [E2, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Windows\System32\igfxpers.exe[3672] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8a0180 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8a00d8 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8a0148 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8a0110 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8a0228 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8a0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8a01f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[3712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8a01b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e21465 2 bytes [E2, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e214bb 2 bytes [E2, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[1216] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[492] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[732] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3532] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3936] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff9c7490 11 bytes JMP 000007fffd8c0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4208] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff9dbf00 7 bytes JMP 000007fffd8c0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007794af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077954a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077972990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007797efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779da500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd8d2db0 5 bytes JMP 000007fffd8c0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8d37d0 7 bytes JMP 000007fffd8c00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8d8ef0 6 bytes JMP 000007fffd8c0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd8eaf60 5 bytes JMP 000007fffd8c0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdd889e0 8 bytes JMP 000007fffd8c01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdd8be40 8 bytes JMP 000007fffd8c01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef48a2460 5 bytes JMP 000007fefd8c02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4844] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef48d96b0 6 bytes JMP 000007fefd8c0298 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe[2652] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e21465 2 bytes [E2, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e214bb 2 bytes [E2, 75] .text ... * 2 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076451eee 7 bytes JMP 0000000172fd1695 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076455b85 7 bytes JMP 0000000172fd11a9 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000764613e1 7 bytes JMP 0000000172fd128a .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007646ea0d 7 bytes JMP 0000000172fd1244 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007647b1d3 5 bytes JMP 0000000172fd15aa .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764f88b4 7 bytes JMP 0000000172fd1339 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000764f8939 5 bytes JMP 0000000172fd16d6 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000764f8c8f 5 bytes JMP 0000000172fd170d .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075c11d1b 5 bytes JMP 0000000172fd11c2 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075c11dc9 5 bytes JMP 0000000172fd1014 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075c12aa4 5 bytes JMP 0000000172fd1555 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075c12d0a 5 bytes JMP 0000000172fd1271 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e96b 5 bytes JMP 0000000172fd15c3 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637eba5 5 bytes JMP 0000000172fd1186 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ee8a29 5 bytes JMP 0000000172fd1726 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ef4572 5 bytes JMP 0000000172fd10a0 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075f0e567 5 bytes JMP 0000000172fd1415 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f47a5c 5 bytes JMP 0000000172fd15d2 .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076595ea5 5 bytes JMP 0000000172fd15fa .text C:\Users\User\Downloads\61ddvb3m.exe[1496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765c9d0b 5 bytes JMP 0000000172fd121c ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DllHost.exe[5012] @ C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll[KERNEL32.dll!DisableThreadLibraryCalls] [76454885] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da7101b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db0ef6f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db0ef6f@ec9b5b74b2bd 0xAD 0x4C 0x65 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db0ef6f@001bafaeee89 0x29 0x6E 0xF0 0x29 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da7101b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db0ef6f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db0ef6f@ec9b5b74b2bd 0xAD 0x4C 0x65 0xBB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db0ef6f@001bafaeee89 0x29 0x6E 0xF0 0x29 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Sims.3.Kolekcja.POLiSH.REPACK.O22y\The Sims 3 Diesel \x2013 akcesoria\Setup.exe 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Sims.3.Kolekcja.POLiSH.REPACK.O22y\The Sims 3 Szybka jazda \x2013 akcesoria\Setup.exe 1 ---- EOF - GMER 2.1 ----