GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-09 10:59:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000086 ATA_____ rev.AF10 465,76GB Running: gmer ej0ohg8h.exe; Driver: C:\Users\Artur\AppData\Local\Temp\uxdcypow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88007c28d8c 12 bytes {MOV RAX, 0xfffffa800a5172a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1844] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef7fddc88 5 bytes JMP 000007fff7dd00d8 .text C:\Windows\system32\Dwm.exe[2188] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7fdde10 5 bytes JMP 000007fff7dd0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8e02460 5 bytes JMP 000007fefd8102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2340] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef8e396b0 6 bytes JMP 000007fefd810298 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2420] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Windows\System32\igfxpers.exe[3180] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3188] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Elantech\ETDCtrl.exe[3224] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772e1eee 7 bytes JMP 0000000172321695 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772e5b85 7 bytes JMP 00000001723211a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f13e1 7 bytes JMP 000000017232128a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772fea0d 7 bytes JMP 0000000172321244 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b1d3 5 bytes JMP 00000001723215aa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888b4 7 bytes JMP 0000000172321339 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388939 5 bytes JMP 00000001723216d6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388c8f 5 bytes JMP 000000017232170d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077291d1b 5 bytes JMP 00000001723211c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077291dc9 5 bytes JMP 0000000172321014 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077292aa4 5 bytes JMP 0000000172321555 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077292d0a 5 bytes JMP 0000000172321271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f48a29 5 bytes JMP 0000000172321726 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f54572 5 bytes JMP 00000001723210a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f6e567 5 bytes JMP 0000000172321415 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fa7a5c 5 bytes JMP 00000001723215d2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756de96b 5 bytes JMP 00000001723215c3 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756deba5 5 bytes JMP 0000000172321186 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a85ea5 5 bytes JMP 00000001723215fa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ab9d0b 5 bytes JMP 000000017232121c .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3288] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files (x86)\SCM\Radio Manager.exe[3308] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files (x86)\SCM\SCM.exe[3336] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Logitech\Gaming Software\LWEMon.exe[3692] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772e1eee 7 bytes JMP 0000000172321695 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772e5b85 7 bytes JMP 00000001723211a9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f13e1 7 bytes JMP 000000017232128a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772fea0d 7 bytes JMP 0000000172321244 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b1d3 5 bytes JMP 00000001723215aa .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888b4 7 bytes JMP 0000000172321339 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388939 5 bytes JMP 00000001723216d6 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388c8f 5 bytes JMP 000000017232170d .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077291d1b 5 bytes JMP 00000001723211c2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077291dc9 5 bytes JMP 0000000172321014 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077292aa4 5 bytes JMP 0000000172321555 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077292d0a 5 bytes JMP 0000000172321271 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756de96b 5 bytes JMP 00000001723215c3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756deba5 5 bytes JMP 0000000172321186 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f48a29 5 bytes JMP 0000000172321726 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f54572 5 bytes JMP 00000001723210a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f6e567 5 bytes JMP 0000000172321415 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fa7a5c 5 bytes JMP 00000001723215d2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a85ea5 5 bytes JMP 00000001723215fa .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ab9d0b 5 bytes JMP 000000017232121c .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[4084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[4084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[4084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[4084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[4084] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[4084] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772e1eee 7 bytes JMP 0000000172321695 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772e5b85 7 bytes JMP 00000001723211a9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f13e1 7 bytes JMP 000000017232128a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772fea0d 7 bytes JMP 0000000172321244 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b1d3 5 bytes JMP 00000001723215aa .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888b4 7 bytes JMP 0000000172321339 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388939 5 bytes JMP 00000001723216d6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388c8f 5 bytes JMP 000000017232170d .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077291d1b 5 bytes JMP 00000001723211c2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077291dc9 5 bytes JMP 0000000172321014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077292aa4 5 bytes JMP 0000000172321555 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077292d0a 5 bytes JMP 0000000172321271 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756de96b 5 bytes JMP 00000001723215c3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756deba5 5 bytes JMP 0000000172321186 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f48a29 5 bytes JMP 0000000172321726 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f54572 5 bytes JMP 00000001723210a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f6e567 5 bytes JMP 0000000172321415 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fa7a5c 5 bytes JMP 00000001723215d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a85ea5 5 bytes JMP 00000001723215fa .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2992] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ab9d0b 5 bytes JMP 000000017232121c .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[2264] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000774aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077519640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007753a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000772e1eee 7 bytes JMP 0000000172321695 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000772e5b85 7 bytes JMP 00000001723211a9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000772f13e1 7 bytes JMP 000000017232128a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000772fea0d 7 bytes JMP 0000000172321244 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007730b1d3 5 bytes JMP 00000001723215aa .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000773888b4 7 bytes JMP 0000000172321339 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077388939 5 bytes JMP 00000001723216d6 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000077388c8f 5 bytes JMP 000000017232170d .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077291d1b 5 bytes JMP 00000001723211c2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077291dc9 5 bytes JMP 0000000172321014 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077292aa4 5 bytes JMP 0000000172321555 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077292d0a 5 bytes JMP 0000000172321271 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f48a29 5 bytes JMP 0000000172321726 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f54572 5 bytes JMP 00000001723210a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f6e567 5 bytes JMP 0000000172321415 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fa7a5c 5 bytes JMP 00000001723215d2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756de96b 5 bytes JMP 00000001723215c3 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756deba5 5 bytes JMP 0000000172321186 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a85ea5 5 bytes JMP 00000001723215fa .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ab9d0b 5 bytes JMP 000000017232121c .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd822db0 5 bytes JMP 000007fffd810180 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8237d0 7 bytes JMP 000007fffd8100d8 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 6 bytes JMP 000007fffd810148 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd83af60 5 bytes JMP 000007fffd810110 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd8c7490 11 bytes JMP 000007fffd810228 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8dbf00 7 bytes JMP 000007fffd810260 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3b89e0 8 bytes JMP 000007fffd8101f0 .text C:\Windows\system32\wuauclt.exe[4204] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3bbe40 8 bytes JMP 000007fffd8101b8 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772e1eee 7 bytes JMP 0000000172321695 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772e5b85 7 bytes JMP 00000001723211a9 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f13e1 7 bytes JMP 000000017232128a .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772fea0d 7 bytes JMP 0000000172321244 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b1d3 5 bytes JMP 00000001723215aa .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888b4 7 bytes JMP 0000000172321339 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388939 5 bytes JMP 00000001723216d6 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388c8f 5 bytes JMP 000000017232170d .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077291d1b 5 bytes JMP 00000001723211c2 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077291dc9 5 bytes JMP 0000000172321014 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077292aa4 5 bytes JMP 0000000172321555 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077292d0a 5 bytes JMP 0000000172321271 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\user32.dll!CreateWindowExW 0000000076f48a29 5 bytes JMP 0000000172321726 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\user32.dll!EnumDisplayDevicesA 0000000076f54572 5 bytes JMP 00000001723210a0 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\user32.dll!EnumDisplayDevicesW 0000000076f6e567 5 bytes JMP 0000000172321415 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\user32.dll!DisplayConfigGetDeviceInfo 0000000076fa7a5c 5 bytes JMP 00000001723215d2 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756de96b 5 bytes JMP 00000001723215c3 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756deba5 5 bytes JMP 0000000172321186 .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a85ea5 5 bytes JMP 00000001723215fa .text C:\! programy\totalcmd\TOTALCMD.EXE[4304] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ab9d0b 5 bytes JMP 000000017232121c .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772e1eee 7 bytes JMP 0000000172321695 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772e5b85 7 bytes JMP 00000001723211a9 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f13e1 7 bytes JMP 000000017232128a .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772fea0d 7 bytes JMP 0000000172321244 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b1d3 5 bytes JMP 00000001723215aa .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888b4 7 bytes JMP 0000000172321339 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388939 5 bytes JMP 00000001723216d6 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388c8f 5 bytes JMP 000000017232170d .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077291d1b 5 bytes JMP 00000001723211c2 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077291dc9 5 bytes JMP 0000000172321014 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077292aa4 5 bytes JMP 0000000172321555 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077292d0a 5 bytes JMP 0000000172321271 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756de96b 5 bytes JMP 00000001723215c3 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756deba5 5 bytes JMP 0000000172321186 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f48a29 5 bytes JMP 0000000172321726 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f54572 5 bytes JMP 00000001723210a0 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f6e567 5 bytes JMP 0000000172321415 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fa7a5c 5 bytes JMP 00000001723215d2 .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a85ea5 5 bytes JMP 00000001723215fa .text C:\! programy\diagnostyka\gmer\gmer ej0ohg8h.exe[1728] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076ab9d0b 5 bytes JMP 000000017232121c ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001040f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001040cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800104169c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001041a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010418f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\abb3ytvv \Device\Scsi\abb3ytvv1Port1Path0Target0Lun0 fffffa800ab042c0 Device \Driver\abb3ytvv \Device\Scsi\abb3ytvv1 fffffa800ab042c0 Device \FileSystem\Ntfs \Ntfs fffffa80079662c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800a9252c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa80079622c0 Device \Driver\cdrom \Device\CdRom0 fffffa8009fa32c0 Device \Driver\cdrom \Device\CdRom1 fffffa8009fa32c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{C22C9422-313D-4AAD-A749-C4DD2B72A113} fffffa800a4022c0 Device \Driver\cdrom \Device\CdRom2 fffffa8009fa32c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B02683B3-2D44-46FA-AEB7-5A2A1AD52B42} fffffa800a4022c0 Device \Driver\dtsoftbus01 \Device\0000008b fffffa8009f962c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800a9252c0 Device \Driver\iaStorA \Device\00000085 fffffa80079622c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8009f962c0 Device \Driver\USBSTOR \Device\000000b1 fffffa800ca132c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800a9252c0 Device \Driver\iaStorA \Device\00000086 fffffa80079622c0 Device \Driver\USBSTOR \Device\000000b2 fffffa800ca132c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800a4022c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa80079622c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800a9252c0 Device \Driver\abb3ytvv \Device\ScsiPort1 fffffa800ab042c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{49E06DAB-DA8C-4696-954A-8D8D14839872} fffffa800a4022c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys >>UNKNOWN [0xfffffa80079622c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa80079622c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009e94060] fffffa8009e94060 Trace 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80080798d0] fffffa80080798d0 Trace 5 iaStorF.sys[fffff88001ad5a2c] -> nt!IofCallDriver -> \Device\00000086[0xfffffa8007ee7060] fffffa8007ee7060 Trace \Driver\iaStorA[0xfffffa8007ebed60] -> IRP_MJ_CREATE -> 0xfffffa80079622c0 fffffa80079622c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\abb3ytvv.SYS fffff88007b40000-fffff88007b8c000 (311296 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4236:4788] 000007fefb862a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4236:4792] 000000018000dc70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4236:4796] 000000018000dc70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4236:4800] 000000018000dc70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4236:4804] 000000018000dc70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4236:4816] 000007fee514d618 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6c71d9b4e49f Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0D 0xA6 0xC5 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x31 0x01 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0x84 0xAA 0xDB ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6c71d9b4e49f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0D 0xA6 0xC5 0xC7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x25 0x31 0x01 0x45 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0x84 0xAA 0xDB ... ---- EOF - GMER 2.1 ----