GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-23 18:25:12 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: vcgfsevp.exe; Driver: C:\Users\Franek\AppData\Local\Temp\awrdipow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037f3000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037f302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2068] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2068] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3260] entry point in ".rdata" section 00000000691f71e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef624dc88 5 bytes JMP 000007fff60800d8 .text C:\Windows\system32\Dwm.exe[3768] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef624de10 5 bytes JMP 000007fff6080110 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3968] entry point in ".rdata" section 00000000691f71e6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4568] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Windows\system32\taskeng.exe[4956] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[5040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[4716] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Windows\SysWOW64\ACEngSvr.exe[4392] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[5036] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Program Files\Elantech\ETDCtrl.exe[5996] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7972460 5 bytes JMP 000007fefd1802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5696] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef79a96b0 6 bytes JMP 000007fefd180298 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Windows\System32\igfxpers.exe[6136] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6128] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1484] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000755051dd 7 bytes JMP 0000000110053ac0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 000000007550610b 7 bytes JMP 0000000110053c10 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 000000007550c6c1 7 bytes JMP 0000000110053bf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 000000007554fc98 7 bytes JMP 0000000110053c60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 000000007554fcd1 7 bytes JMP 0000000110053d30 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 000000007554fcf5 7 bytes JMP 0000000110053ce0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[5328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077029040 5 bytes [90, 33, C0, 90, C3] .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd130180 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1300d8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd130148 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd130110 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1301f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1301b8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd130228 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[6032] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd130260 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\COMODO\GeekBuddy\unit_manager.exe[6224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe[6816] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[7032] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Program Files\COMODO\GeekBuddy\unit.exe[6244] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[6660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[6256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1224] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[3688] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[5708] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[1456] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b25ea5 5 bytes JMP 0000000174293300 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b59d0b 5 bytes JMP 0000000174293290 .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Windows\AsScrPro.exe[6528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075658791 5 bytes [33, C0, C2, 04, 00] .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Users\Franek\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\user32.DLL!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075221465 2 bytes [22, 75] .text C:\Users\Franek\Downloads\OTL.exe[3600] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000752214bb 2 bytes [22, 75] .text ... * 2 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\notepad.exe[4500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd198ef0 6 bytes JMP 000007fffd180148 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd1aaf60 5 bytes JMP 000007fffd180110 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2f89e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff2fbe40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdf17490 11 bytes JMP 000007fffd180228 .text C:\Windows\notepad.exe[6004] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdf2bf00 7 bytes JMP 000007fffd180260 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075651f0e 7 bytes JMP 0000000174293df0 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075655bad 7 bytes JMP 0000000174294100 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075661409 7 bytes JMP 0000000174293f30 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007566ea45 7 bytes JMP 0000000174293de0 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000756f8e24 7 bytes JMP 0000000174293b50 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756f8ea9 5 bytes JMP 0000000174293c00 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000756f91ff 5 bytes JMP 0000000174293b60 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075441d29 5 bytes JMP 0000000174293ae0 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075441dd7 5 bytes JMP 0000000174293a90 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075442ab1 5 bytes JMP 0000000174293c10 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075442d17 5 bytes JMP 0000000174293870 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007527e96b 5 bytes JMP 00000001742933c0 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007527eba5 5 bytes JMP 00000001742933d0 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000754f8a29 5 bytes JMP 0000000174293350 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075504572 5 bytes JMP 00000001742937f0 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007551e567 5 bytes JMP 0000000174293860 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000755407d7 5 bytes JMP 0000000174293280 .text C:\Users\Franek\Downloads\vcgfsevp.exe[4756] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075557a5c 5 bytes JMP 00000001742937e0 ---- Processes - GMER 2.1 ---- Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (Python Core/Python Software Foundation)(2014-06-23 14:45:32) 000000001e000000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001e8c0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001e7a0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000000260000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000002d0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000010000000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001e800000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000026e0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000003070000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (wxWidgets for MSW/wxWidgets development team)(2014-06-23 14:45:32) 00000000031a0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (wxWidgets for MSW/wxWidgets development team)(2014-06-23 14:45:33) 00000000003b0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (wxWidgets for MSW/wxWidgets development team)(2014-06-23 14:45:33) 0000000003390000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (wxWidgets for MSW/wxWidgets development team)(2014-06-23 14:45:33) 0000000003830000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000004200000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000042d0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (wxWidgets for MSW/wxWidgets development team)(2014-06-23 14:45:33) 00000000043a0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000045d0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000046e0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001d100000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000025c0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000003970000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001d1a0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001ea10000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001ec80000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001e9b0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001eaa0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000002ad0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000002b00000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208] (wxWidgets for MSW/wxWidgets development team)(2014-06-23 14:45:33) 0000000005770000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000005790000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 00000000057a0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001eb90000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 0000000005ae0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001eb60000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001e980000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001ebf0000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001ec20000 Library C:\Users\Franek\AppData\Local\Temp\_MEI53282\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6208](2014-06-23 14:45:32) 000000001ed40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6f5bc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6f5bc@782eeffb9b85 0x4F 0xC5 0x44 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6f5bc@fca13e21d833 0x20 0xD0 0x24 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6f5bc@045a952554d1 0xAF 0x68 0xB3 0x11 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68c6f5bc@5001bb381b62 0xD7 0x35 0x80 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6f5bc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6f5bc@782eeffb9b85 0x4F 0xC5 0x44 0x13 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6f5bc@fca13e21d833 0x20 0xD0 0x24 0x1E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6f5bc@045a952554d1 0xAF 0x68 0xB3 0x11 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68c6f5bc@5001bb381b62 0xD7 0x35 0x80 0xE0 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Dołącz podpisy cyfrowe.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Dołącz podpisy cyfrowe.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Narzędzie transferu licencji \x2014 AutoCAD LT 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Narzędzie transferu licencji \x2014 AutoCAD LT 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Przywróć ustawienia domyślne.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Przywróć ustawienia domyślne.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Migracja ustawień niestandardowych\Eksportuj ustawienia programu AutoCAD LT 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Migracja ustawień niestandardowych\Eksportuj ustawienia programu AutoCAD LT 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Migracja ustawień niestandardowych\Importuj ustawienia programu AutoCAD LT 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Migracja ustawień niestandardowych\Importuj ustawienia programu AutoCAD LT 2015.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Migracja ustawień niestandardowych\Migracja z poprzedniej wersji.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD LT 2015 \x2014 polski (Polish)\Migracja ustawień niestandardowych\Migracja z poprzedniej wersji.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Franek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk\Content Service\Content Service \x2014 konsola konfiguracji.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Content Service\Content Service \x2014 konsola konfiguracji.lnk 1 ---- EOF - GMER 2.1 ----