GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-16 14:47:59 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-1EJ164 rev.LVD1 931,51GB Running: j3evf3jo.exe; Driver: C:\Users\user\AppData\Local\Temp\kxtdrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3820] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\WINDOWS\system32\taskhostex.exe[3544] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6890260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6890298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6890340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf68902d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6890308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf68901f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6890228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6890180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf68900d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6890110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6890148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf68901b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6890420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd719690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf68903e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6890378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6890458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf68903b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6890490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff40ef90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf68904c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ff9e4e0ead0 5 bytes JMP 00007ff9f68905a8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3388] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ff9e4e3eb90 6 bytes JMP 00007ff9f6890570 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2976] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2976] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2976] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[2580] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2012] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4168] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[4552] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\Program Files\IDT\WDM\sttray64.exe[3156] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2156] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[3092] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\WINDOWS\SYSTEM32\notepad.exe[1736] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\WINDOWS\SYSTEM32\notepad.exe[1328] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff9f6f23e10 7 bytes JMP 00007ffaf6ac0260 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff9f6f23e20 7 bytes JMP 00007ffaf6ac0298 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff9f6fd39b0 7 bytes JMP 00007ffaf6ac0340 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff9f6fd3ef0 7 bytes JMP 00007ffaf6ac02d0 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff9f6fd3fe0 7 bytes JMP 00007ffaf6ac0308 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff9f70006c0 7 bytes JMP 00007ffaf6ac01f0 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff9f7000730 7 bytes JMP 00007ffaf6ac0228 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff9f6ad21d0 5 bytes JMP 00007ffaf6ac0180 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff9f6ad29d0 7 bytes JMP 00007ffaf6ac00d8 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff9f6ad4310 5 bytes JMP 00007ffaf6ac0110 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff9f6ad8900 5 bytes JMP 00007ffaf6ac0148 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff9f6b4f050 5 bytes JMP 00007ffaf6ac01b8 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff9f7481500 1 byte JMP 00007ffaf6ac0490 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff9f7481502 6 bytes {JMP 0xffffffffff63ef90} .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff9f7481750 8 bytes JMP 00007ffaf6ac04c8 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff9f9176d90 1 byte JMP 00007ffaf6ac0420 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ff9f9176d92 8 bytes {JMP 0xfffffffffd949690} .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff9f91874a0 5 bytes JMP 00007ffaf6ac03e8 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff9f9187560 9 bytes JMP 00007ffaf6ac0378 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff9f9187730 5 bytes JMP 00007ffaf6ac0458 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff9f9196b10 5 bytes JMP 00007ffaf6ac03b0 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ff9f943d050 7 bytes JMP 00007ffaf6ac0500 .text C:\WINDOWS\SYSTEM32\notepad.exe[400] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff9f946b170 5 bytes JMP 00007ffaf6ac0538 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [4428:3300] fffff960008202d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----