GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-04-23 23:52:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a WDC_WD10JPVT-24A1YT0 rev.01.01A01 931,51GB
Running: mxvy2lsk.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwddypoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 1 fffff96000090101 14 bytes [C0, F3, 01, 80, 28, 6E, 01, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000090110 11 bytes [00, D3, FB, FF, 00, 3D, C7, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] 
C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1016] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text 
C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\WINDOWS\system32\dwm.exe[100] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7df0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7df0298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7df0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] 
C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7df02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7df0308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7df01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7df0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7df0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7df00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7df0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7df0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7df01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7df0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd669690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 
00007fffb7df03e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7df0378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7df0458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7df03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7df0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff6def90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7df04c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffead9aead0 5 bytes JMP 00007ffeb7df05a8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffead9deb90 6 bytes JMP 00007ffeb7df0570 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7df0500 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3420] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7df0538 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\WINDOWS\system32\taskhostex.exe[3464] 
C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text 
C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\WINDOWS\system32\taskhostex.exe[3464] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7df0260 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7df0298 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7df0340 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7df02d0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7df0308 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7df01f0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes 
JMP 00007fffb7df0228 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7df0180 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7df00d8 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7df0110 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7df0148 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7df01b8 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7df0420 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd669690} .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7df03e8 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7df0378 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7df0458 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7df03b0 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7df0490 .text C:\Program 
Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff6def90} .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7df04c8 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7df0500 .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[3872] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7df0538 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 
00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\WINDOWS\system32\igfxEM.exe[4424] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 
00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 
00007fffb7fd03e8 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\WINDOWS\system32\igfxHK.exe[4432] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes 
JMP 00007fffb7fd01f0 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 
00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\Windows\System32\skydrive.exe[4744] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Windows\RTFTrack.exe[1308] 
C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Windows\RTFTrack.exe[1308] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] 
C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4300] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] 
C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text 
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3400] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes 
JMP 00007fffb7fd01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 
00007fffb7fd0458 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4936] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Program Files (x86)\Lenovo\Energy 
Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 
00007fffb7fd0458 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3016] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] 
C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffeb836d050 7 bytes JMP 00007fffb7fd0500 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4224] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffeb839b170 5 bytes JMP 00007fffb7fd0538 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180 .text 
C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007ffeba786d90 1 byte JMP 00007fffb7fd0420 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffeba786d92 8 bytes {JMP 0xfffffffffd849690} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffeba7974a0 5 bytes JMP 00007fffb7fd03e8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffeba797560 9 bytes JMP 00007fffb7fd0378 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffeba797730 5 bytes JMP 00007fffb7fd0458 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffeba7a6b10 5 bytes JMP 00007fffb7fd03b0 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffeb8711500 1 byte JMP 00007fffb7fd0490 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffeb8711502 6 bytes {JMP 0xffffffffff8bef90} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3896] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffeb8711750 8 bytes JMP 00007fffb7fd04c8 .text C:\Windows\System32\SettingSyncHost.exe[5944] 
C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffeb85b3e10 7 bytes JMP 00007fffb7fd0260
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffeb85b3e20 7 bytes JMP 00007fffb7fd0298
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffeb86639b0 7 bytes JMP 00007fffb7fd0340
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffeb8663ef0 7 bytes JMP 00007fffb7fd02d0
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffeb8663fe0 7 bytes JMP 00007fffb7fd0308
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffeb86906c0 7 bytes JMP 00007fffb7fd01f0
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffeb8690730 7 bytes JMP 00007fffb7fd0228
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffeb7fe21d0 5 bytes JMP 00007fffb7fd0180
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffeb7fe29d0 7 bytes JMP 00007fffb7fd00d8
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffeb7fe4310 5 bytes JMP 00007fffb7fd0110
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffeb7fe8d80 5 bytes JMP 00007fffb7fd0148
.text C:\Windows\System32\SettingSyncHost.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffeb805f0b0 5 bytes JMP 00007fffb7fd01b8

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [668:692] fffff960008cc2d0

---- Processes - GMER 2.1 ----

Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [1996] (FreemakeUtilsService/Freemake)(2014-09-02 21:11:34) 0000000000960000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----