GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-18 16:27:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: 9swk7sgb.exe; Driver: C:\Users\Sayuri\AppData\Local\Temp\fxldapog.sys ---- Kernel code sections - GMER 2.1 ---- PAGE C:\Windows\system32\drivers\PCIIDEX.SYS!DllUnload fffff88000fe2a50 12 bytes {MOV RAX, 0xfffffa80069b92a0; JMP RAX} PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff880015cb4a0 12 bytes {MOV RAX, 0xfffffa80069a22a0; JMP RAX} .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff880053cad8c 12 bytes {MOV RAX, 0xfffffa800a50f2a0; JMP RAX} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000104200 7 bytes [40, A3, F3, FF, 01, B5, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000104208 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fefaa92460 5 bytes JMP 000007fefda502d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1340] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fefaac96b0 6 bytes JMP 000007fefda50298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1624] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2072] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fefaa92460 5 bytes JMP 000007fefda502d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2160] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fefaac96b0 6 bytes JMP 000007fefda50298 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef829dc88 5 bytes JMP 000007fff80900d8 .text C:\Windows\system32\Dwm.exe[2196] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef829de10 5 bytes JMP 000007fff8090110 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Windows\system32\taskeng.exe[2204] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[2268] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Windows\system32\taskeng.exe[2416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[2712] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2764] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Windows\SysWOW64\ACEngSvr.exe[2792] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2828] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76] .text ... * 2 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Program Files\Elantech\ETDCtrl.exe[3444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76] .text ... * 2 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076241465 2 bytes [24, 76] .text C:\Windows\AsScrPro.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762414bb 2 bytes [24, 76] .text ... * 2 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe[3676] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3732] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Users\Sayuri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe[3784] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4340] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda30180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda30148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda30110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4764] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda301b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000777ea400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000777f3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007780ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007781f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077849a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778594c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778787e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefda62db0 5 bytes JMP 000007fffda50180 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefda637d0 7 bytes JMP 000007fffda500d8 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefda68ef0 6 bytes JMP 000007fffda50148 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefda7af60 5 bytes JMP 000007fffda50110 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffca89f0 8 bytes JMP 000007fffda501f0 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffcabe50 8 bytes JMP 000007fffda501b8 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0e7490 11 bytes JMP 000007fffda50228 .text C:\Program Files\Elantech\ETDGesture.exe[5416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe0fbf00 7 bytes JMP 000007fffda50260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5588] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5596] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000174283320 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5784] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 00000001742832b0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076271f0e 7 bytes JMP 0000000174283dd0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076275bad 7 bytes JMP 00000001742840e0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076281409 7 bytes JMP 0000000174283f10 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007628ea45 7 bytes JMP 0000000174283dc0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076318e24 7 bytes JMP 0000000174283b50 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076318ea9 5 bytes JMP 0000000174283c00 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000763191ff 5 bytes JMP 0000000174283b60 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076771d29 5 bytes JMP 0000000174283b00 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076771dd7 5 bytes JMP 0000000174283ab0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076772ab1 5 bytes JMP 0000000174283c10 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076772d17 5 bytes JMP 0000000174283890 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766fe96b 5 bytes JMP 00000001742833e0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766feba5 5 bytes JMP 00000001742833f0 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075d18a29 5 bytes JMP 0000000174283370 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075d24572 5 bytes JMP 0000000174283810 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075d3e567 5 bytes JMP 0000000174283880 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075d607d7 5 bytes JMP 0000000174283280 .text C:\Users\Sayuri\Downloads\9swk7sgb.exe[6196] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075d77a5c 5 bytes JMP 0000000174283800 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010b2f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010b2cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010b369c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010b3a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010b38f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atsgradq \Device\Scsi\atsgradq1Port1Path0Target0Lun0 fffffa800a66d2c0 Device \Driver\atsgradq \Device\Scsi\atsgradq1 fffffa800a66d2c0 Device \FileSystem\Ntfs \Ntfs fffffa80073382c0 Device \FileSystem\fastfat \Fat fffffa800abd52c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800a54f2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007ee62c0 Device \Driver\cdrom \Device\CdRom1 fffffa8007ee62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D459FE75-1A62-40F4-BAEA-D00657442CDD} fffffa800a3092c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B91099FD-F8DC-4E58-907B-9E0A064780AD} fffffa800a3092c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800a54f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{88F43166-8417-42EA-BA44-DD3BD46A3A01} fffffa800a3092c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800a54f2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800a3092c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800a54f2c0 Device \Driver\atsgradq \Device\ScsiPort1 fffffa800a66d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{18ABD598-DEB9-4F33-8887-B5A22FD8BDF1} fffffa800a3092c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\atsgradq.SYS fffff88004d79000-fffff88004dc5000 (311296 bytes) ---- Processes - GMER 2.1 ---- Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2324] (GG drive overlay/GG Network S.A.)(2014-09-09 10:42:46) 000000005c080000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----