GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-07-15 15:08:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: 3d2xbs25.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwniypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1880] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1892] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006c6b1a22 2 bytes [6B, 6C] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006c6b1ad0 2 bytes [6B, 6C] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006c6b1b08 2 bytes [6B, 6C] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006c6b1bba 2 bytes [6B, 6C] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006c6b1bda 2 bytes [6B, 6C] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076171094 5 bytes JMP 000000016c2f3ae0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076171142 5 bytes JMP 000000016c2f3a90 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076171bb2 5 bytes JMP 000000016c2f3c10 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076171d92 5 bytes JMP 000000016c2f3870 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b28a29 5 bytes JMP 000000016c2f3350 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b34572 5 bytes JMP 000000016c2f37f0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b4e567 5 bytes JMP 000000016c2f3860 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b707d7 5 bytes JMP 000000016c2f3280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b87a5c 5 bytes JMP 000000016c2f37e0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772be9a2 5 bytes JMP 000000016c2f33c0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772bebdc 5 bytes JMP 000000016c2f33d0 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762e5ea5 5 bytes JMP 000000016c2f3300 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[3508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076319d0b 5 bytes JMP 000000016c2f3290 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6194da4 7 bytes JMP 000007fff61800d8 .text C:\Windows\system32\Dwm.exe[3668] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef61b9af4 7 bytes JMP 000007fff6180110 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Windows\System32\igfxpers.exe[4288] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4488] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4888] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076171094 5 bytes JMP 000000016c2f3ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076171142 5 bytes JMP 000000016c2f3a90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076171bb2 5 bytes JMP 000000016c2f3c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076171d92 5 bytes JMP 000000016c2f3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b28a29 5 bytes JMP 000000016c2f3350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b34572 5 bytes JMP 000000016c2f37f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b4e567 5 bytes JMP 000000016c2f3860 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b707d7 5 bytes JMP 000000016c2f3280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b87a5c 5 bytes JMP 000000016c2f37e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772be9a2 5 bytes JMP 000000016c2f33c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772bebdc 5 bytes JMP 000000016c2f33d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762e5ea5 5 bytes JMP 000000016c2f3300 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076319d0b 5 bytes JMP 000000016c2f3290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5092] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Windows\System32\wscript.exe[4368] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4532] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4620] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4624] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4624] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076171094 5 bytes JMP 000000016c2f3ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076171142 5 bytes JMP 000000016c2f3a90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076171bb2 5 bytes JMP 000000016c2f3c10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076171d92 5 bytes JMP 000000016c2f3870 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772be9a2 5 bytes JMP 000000016c2f33c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772bebdc 5 bytes JMP 000000016c2f33d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b28a29 5 bytes JMP 000000016c2f3350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b34572 5 bytes JMP 000000016c2f37f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b4e567 5 bytes JMP 000000016c2f3860 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b707d7 5 bytes JMP 000000016c2f3280 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b87a5c 5 bytes JMP 000000016c2f37e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762e5ea5 5 bytes JMP 000000016c2f3300 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076319d0b 5 bytes JMP 000000016c2f3290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe[4728] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076171094 5 bytes JMP 000000016c2f3ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076171142 5 bytes JMP 000000016c2f3a90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076171bb2 5 bytes JMP 000000016c2f3c10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076171d92 5 bytes JMP 000000016c2f3870 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772be9a2 5 bytes JMP 000000016c2f33c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772bebdc 5 bytes JMP 000000016c2f33d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b28a29 5 bytes JMP 000000016c2f3350 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b34572 5 bytes JMP 000000016c2f37f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b4e567 5 bytes JMP 000000016c2f3860 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b707d7 5 bytes JMP 000000016c2f3280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b87a5c 5 bytes JMP 000000016c2f37e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000762e5ea5 5 bytes JMP 000000016c2f3300 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4172] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076319d0b 5 bytes JMP 000000016c2f3290 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4420] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8652460 5 bytes JMP 000007fefd9b02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4588] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef86896b0 6 bytes JMP 000007fefd9b0298 .text C:\Windows\SysWOW64\RunDll32.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text C:\Windows\SysWOW64\RunDll32.exe[3984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4908] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Windows\system32\wuauclt.exe[4520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076171094 5 bytes JMP 000000016c2f3ae0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076171142 5 bytes JMP 000000016c2f3a90 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076171bb2 5 bytes JMP 000000016c2f3c10 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076171d92 5 bytes JMP 000000016c2f3870 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000075b28a29 5 bytes JMP 000000016c2f3350 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075b34572 5 bytes JMP 000000016c2f37f0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000075b4e567 5 bytes JMP 000000016c2f3860 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 0000000075b707d7 5 bytes JMP 000000016c2f3280 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075b87a5c 5 bytes JMP 000000016c2f37e0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772be9a2 5 bytes JMP 000000016c2f33c0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772bebdc 5 bytes JMP 000000016c2f33d0 .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text D:\pobrane\OTL.exe[4380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Windows\notepad.exe[4124] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777caf40 7 bytes JMP 000000016fff0228 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777d4a60 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000777f2a00 5 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777ff010 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778299f0 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077839510 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007785a530 7 bytes JMP 000000016fff01f0 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9c40b0 7 bytes JMP 000007fffd9b00d8 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9c9ec0 7 bytes JMP 000007fffd9b0148 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9caea0 5 bytes JMP 000007fffd9b0180 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9cb040 5 bytes JMP 000007fffd9b0110 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefb89e0 8 bytes JMP 000007fffd9b01f0 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefbbe40 8 bytes JMP 000007fffd9b01b8 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc27490 11 bytes JMP 000007fffd9b0228 .text C:\Windows\notepad.exe[5500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdc3bf00 7 bytes JMP 000007fffd9b0260 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075d21f4e 7 bytes JMP 000000016c2f3df0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075d25be5 7 bytes JMP 000000016c2f4100 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d31441 7 bytes JMP 000000016c2f3f30 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075d3ea75 7 bytes JMP 000000016c2f3de0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc88ec 7 bytes JMP 000000016c2f3b50 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8971 5 bytes JMP 000000016c2f3c00 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc8cc7 5 bytes JMP 000000016c2f3b60 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076171094 5 bytes JMP 000000016c2f3ae0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076171142 5 bytes JMP 000000016c2f3a90 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076171bb2 5 bytes JMP 000000016c2f3c10 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076171d92 5 bytes JMP 000000016c2f3870 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000772be9a2 5 bytes JMP 000000016c2f33c0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000772bebdc 5 bytes JMP 000000016c2f33d0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b28a29 5 bytes JMP 000000016c2f3350 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b34572 5 bytes JMP 000000016c2f37f0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b4e567 5 bytes JMP 000000016c2f3860 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075b707d7 5 bytes JMP 000000016c2f3280 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075b87a5c 5 bytes JMP 000000016c2f37e0 .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077281465 2 bytes [28, 77] .text D:\pobrane\3d2xbs25.exe[6184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772814bb 2 bytes [28, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [6796:4196] 000007fee08c9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2cd05ace3a8e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2cd05ace3a8e (not active ControlSet) ---- EOF - GMER 2.1 ----