GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-19 11:58:07 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: jbisp9fz.exe; Driver: C:\Users\Browar\AppData\Local\Temp\ufdiipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9a0dc88 5 bytes JMP 000007fff99e00d8 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9a0de10 5 bytes JMP 000007fff99e0110 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Windows\system32\taskeng.exe[1168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1676] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1408] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000100432ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2560] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2640] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe[2648] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Windows\AsScrPro.exe[2848] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Windows\system32\igfxpers.exe[2264] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3088] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3128] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3372] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3452] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3452] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000768d5ea5 5 bytes JMP 0000000172dc2850 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076909d0b 5 bytes JMP 0000000172dc27e0 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Windows\system32\wbem\unsecapp.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd7d00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd7d0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd7d0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd7d0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd7d0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd7d0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd7d01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd7d01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef68f2460 5 bytes JMP 000007fefd7d02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4688] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef69296b0 6 bytes JMP 000007fefd7d0298 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2760] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2148] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2688] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4584] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2780] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\notepad.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2900] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075bf1401 2 bytes JMP 757fb1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075bf1419 2 bytes JMP 757fb31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075bf1431 2 bytes JMP 75878f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075bf144a 2 bytes CALL 757d4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075bf14dd 2 bytes JMP 75878802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075bf14f5 2 bytes JMP 758789d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075bf150d 2 bytes JMP 758786f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075bf1525 2 bytes JMP 75878ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075bf153d 2 bytes JMP 757efc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075bf1555 2 bytes JMP 757f68bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075bf156d 2 bytes JMP 75878fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075bf1585 2 bytes JMP 75878b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075bf159d 2 bytes JMP 758786bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075bf15b5 2 bytes JMP 757efd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075bf15cd 2 bytes JMP 757fb2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075bf16b2 2 bytes JMP 75878e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[5140] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075bf16bd 2 bytes JMP 75878651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007777a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077783f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007779fff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000777af360 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777d9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000777e9540 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077808860 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077808862 5 bytes {JMP 0xfffffffff87e7990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd953460 7 bytes JMP 000007fffd9400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd96a590 6 bytes JMP 000007fffd940148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd96ac00 5 bytes JMP 000007fffd940180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd96ada0 5 bytes JMP 000007fffd940110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff6f89e0 8 bytes JMP 000007fffd9401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff6fbe40 8 bytes JMP 000007fffd9401b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe037490 11 bytes JMP 000007fffd940228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe04bf00 7 bytes JMP 000007fffd940260 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757d1eee 7 bytes JMP 0000000172dc3910 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757d5b85 7 bytes JMP 0000000172dc3f90 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757e13e1 7 bytes JMP 0000000172dc3ba0 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757eea15 7 bytes JMP 0000000172dc3900 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075878e84 7 bytes JMP 0000000172dc34a0 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075878f09 5 bytes JMP 0000000172dc3550 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007587925f 5 bytes JMP 0000000172dc34b0 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076281d29 5 bytes JMP 0000000172dc3460 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076281dd7 5 bytes JMP 0000000172dc3420 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076282ab1 5 bytes JMP 0000000172dc3560 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076282d17 5 bytes JMP 0000000172dc3250 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d4e96b 5 bytes JMP 0000000172dc2970 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d4eba5 5 bytes JMP 0000000172dc2980 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a38a29 5 bytes JMP 0000000172dc2890 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a44572 5 bytes JMP 0000000172dc31d0 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a5e567 5 bytes JMP 0000000172dc3240 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076a807d7 5 bytes JMP 0000000172dc2710 .text D:\Programy\jbisp9fz.exe[5824] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076a97a5c 5 bytes JMP 0000000172dc31c0 ---- Devices - GMER 2.1 ---- Device \Driver\HidUsb \Device\00000096 fffff8800c7bf710 Device \Driver\HidUsb \Device\00000097 fffff8800c7bf710 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{155FDA4E-1B19-4B38-9D7E-3E575EEF4359}\Connection@Name isatap.{F45F85EA-E938-43CD-B9A4-51673CDC5B39} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{0BC65E9A-7498-4156-97C8-C51791C121B6}?\Device\{394E87DB-16CE-4611-A1E7-79481924AE03}?\Device\{155FDA4E-1B19-4B38-9D7E-3E575EEF4359}?\Device\{9D89F15E-45D9-4D50-A54B-C080A8DC3423}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{0BC65E9A-7498-4156-97C8-C51791C121B6}"?"{394E87DB-16CE-4611-A1E7-79481924AE03}"?"{155FDA4E-1B19-4B38-9D7E-3E575EEF4359}"?"{9D89F15E-45D9-4D50-A54B-C080A8DC3423}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{0BC65E9A-7498-4156-97C8-C51791C121B6}?\Device\TCPIP6TUNNEL_{394E87DB-16CE-4611-A1E7-79481924AE03}?\Device\TCPIP6TUNNEL_{155FDA4E-1B19-4B38-9D7E-3E575EEF4359}?\Device\TCPIP6TUNNEL_{9D89F15E-45D9-4D50-A54B-C080A8DC3423}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68f74218 Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{155FDA4E-1B19-4B38-9D7E-3E575EEF4359}@InterfaceName isatap.{F45F85EA-E938-43CD-B9A4-51673CDC5B39} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{155FDA4E-1B19-4B38-9D7E-3E575EEF4359}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68f74218 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----