GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-15 22:30:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB Running: 38rx3nb8.exe; Driver: C:\Users\Browar\AppData\Local\Temp\ufdiipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Windows\system32\Dwm.exe[1432] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Windows\system32\taskeng.exe[1820] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[2044] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075151401 2 bytes JMP 7570b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075151419 2 bytes JMP 7570b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075151431 2 bytes JMP 75788f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007515144a 2 bytes CALL 756e489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751514dd 2 bytes JMP 75788822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751514f5 2 bytes JMP 757889f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007515150d 2 bytes JMP 75788718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075151525 2 bytes JMP 75788ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007515153d 2 bytes JMP 756ffca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075151555 2 bytes JMP 757068ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007515156d 2 bytes JMP 75788fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075151585 2 bytes JMP 75788b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007515159d 2 bytes JMP 757886dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751515b5 2 bytes JMP 756ffd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751515cd 2 bytes JMP 7570b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751516b2 2 bytes JMP 75788ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751516bd 2 bytes JMP 75788671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 000000010093f4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Program Files\Rainlendar2\Rainlendar2.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2316] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE[2344] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2428] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2484] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2492] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Windows\system32\igfxpers.exe[2724] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[2876] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2632] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2512] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3512] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3601f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3601b8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b75ea5 5 bytes JMP 0000000173282ac0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3648] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ba9d0b 5 bytes JMP 0000000173282a50 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd360180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd360110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd360148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe6574a0 11 bytes JMP 000007fffd360228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4832] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe66bf10 7 bytes JMP 000007fffd360260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd350110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FD, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd350148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077418850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd372db0 5 bytes JMP 000007fffd340180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3737d0 7 bytes JMP 000007fffd3400d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37a410 2 bytes JMP 000007fffd340110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd37a413 2 bytes [FC, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd37aec0 6 bytes JMP 000007fffd340148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7f89d0 8 bytes JMP 000007fffd3401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd7fbe40 8 bytes JMP 000007fffd3401b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007feeaab2460 5 bytes JMP 000007fefd3402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4184] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007feeaae96b0 6 bytes JMP 000007fefd340298 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075151401 2 bytes JMP 7570b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075151419 2 bytes JMP 7570b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075151431 2 bytes JMP 75788f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007515144a 2 bytes CALL 756e489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751514dd 2 bytes JMP 75788822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751514f5 2 bytes JMP 757889f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007515150d 2 bytes JMP 75788718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075151525 2 bytes JMP 75788ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007515153d 2 bytes JMP 756ffca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075151555 2 bytes JMP 757068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007515156d 2 bytes JMP 75788fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075151585 2 bytes JMP 75788b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007515159d 2 bytes JMP 757886dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751515b5 2 bytes JMP 756ffd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751515cd 2 bytes JMP 7570b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751516b2 2 bytes JMP 75788ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751516bd 2 bytes JMP 75788671 C:\Windows\syswow64\kernel32.dll .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756e1efe 7 bytes JMP 0000000173283b60 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756e5b9d 7 bytes JMP 00000001732841b0 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000756f13f9 7 bytes JMP 0000000173283dc0 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000756fea45 7 bytes JMP 0000000173283b50 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075788ea4 7 bytes JMP 00000001732836a0 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075788f29 5 bytes JMP 0000000173283750 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075789281 5 bytes JMP 00000001732836b0 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f21d29 5 bytes JMP 0000000173283660 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f21dd7 5 bytes JMP 0000000173283620 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f22ab1 5 bytes JMP 0000000173283760 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f22d1d 5 bytes JMP 0000000173283460 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007608d2b4 5 bytes JMP 0000000173282c40 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007608d4ee 5 bytes JMP 0000000173282c50 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075428a29 5 bytes JMP 0000000173282b00 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075434572 5 bytes JMP 00000001732833e0 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007544e567 5 bytes JMP 0000000173283450 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754707d7 5 bytes JMP 0000000173282940 .text C:\Users\Browar\Desktop\38rx3nb8.exe[3352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075487a5c 5 bytes JMP 00000001732833c0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68f74218 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68f74218@382dd1d9c15c 0x5D 0x2D 0x5F 0x94 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C001A67A-65FB-43AC-98EB-E4693B773A37}@LeaseObtainedTime 1444929468 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C001A67A-65FB-43AC-98EB-E4693B773A37}@T1 1445361468 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C001A67A-65FB-43AC-98EB-E4693B773A37}@T2 1445685468 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C001A67A-65FB-43AC-98EB-E4693B773A37}@LeaseTerminatesTime 1445793468 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68f74218 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68f74218@382dd1d9c15c 0x5D 0x2D 0x5F 0x94 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----