GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-11-01 20:22:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000083 KINGSTON rev.541A 111,79GB Running: 269dee1d.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\ugloipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[940] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000772290a0 4 bytes [C3, 00, 00, 00] .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1800] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef758dc88 5 bytes JMP 000007fff75600d8 .text C:\Windows\system32\Dwm.exe[2292] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef758de10 5 bytes JMP 000007fff7560110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files (x86)\SCM\SCM.exe[2920] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe[2960] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000100e0fa56 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000170c22b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076285ea5 5 bytes JMP 0000000170c22ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000762b9d0b 5 bytes JMP 0000000170c22a70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3016] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[3152] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Windows\SysWOW64\PnkBstrA.exe[3248] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 000000006faa17fa 2 bytes CALL 76d811a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3248] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 000000006faa1860 2 bytes CALL 76d811a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3248] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 000000006faa1942 2 bytes JMP 76b17089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3248] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000006faa194d 2 bytes JMP 76b1cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000170c23780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000170c22b20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076285ea5 5 bytes JMP 0000000170c22ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3348] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000762b9d0b 5 bytes JMP 0000000170c22a70 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000170c23780 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000170c22b20 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076285ea5 5 bytes JMP 0000000170c22ae0 .text C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3460] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000762b9d0b 5 bytes JMP 0000000170c22a70 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000170c23780 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000170c22b20 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076285ea5 5 bytes JMP 0000000170c22ae0 .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3804] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000762b9d0b 5 bytes JMP 0000000170c22a70 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fededc2460 5 bytes JMP 000007fefd4302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3948] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fededf96b0 6 bytes JMP 000007fefd430298 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd3e0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd3e00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd3e0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [F9, FF] .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd3e0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd3e01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4980] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd3e01b8 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Windows\system32\igfxEM.exe[5488] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Windows\system32\igfxHK.exe[5516] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000170c23780 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000170c22b20 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076285ea5 5 bytes JMP 0000000170c22ae0 .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[5644] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000762b9d0b 5 bytes JMP 0000000170c22a70 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[5916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007721a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077223f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007723ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007724f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077279a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077289510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772a8830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fededc2460 5 bytes JMP 000007fefd4302d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[6168] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fededf96b0 6 bytes JMP 000007fefd430298 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd442db0 5 bytes JMP 000007fffd430180 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4437d0 7 bytes JMP 000007fffd4300d8 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd44a410 2 bytes JMP 000007fffd430110 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd44a413 2 bytes [FE, FF] .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd44aec0 6 bytes JMP 000007fffd430148 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3c74a0 11 bytes JMP 000007fffd430228 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3dbf10 7 bytes JMP 000007fffd430260 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0389d0 8 bytes JMP 000007fffd4301f0 .text C:\Windows\system32\wbem\unsecapp.exe[3360] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff03be40 8 bytes JMP 000007fffd4301b8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000170c23780 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000170c22b20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076285ea5 5 bytes JMP 0000000170c22ae0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5616] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000762b9d0b 5 bytes JMP 0000000170c22a70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000775e1401 2 bytes JMP 76dab20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000775e1419 2 bytes JMP 76dab336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000775e1431 2 bytes JMP 76e28f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000775e144a 2 bytes CALL 76d84885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775e14dd 2 bytes JMP 76e28832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775e14f5 2 bytes JMP 76e28a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000775e150d 2 bytes JMP 76e28728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000775e1525 2 bytes JMP 76e28af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000775e153d 2 bytes JMP 76d9fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000775e1555 2 bytes JMP 76da68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000775e156d 2 bytes JMP 76e28ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000775e1585 2 bytes JMP 76e28b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000775e159d 2 bytes JMP 76e286ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775e15b5 2 bytes JMP 76d9fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775e15cd 2 bytes JMP 76dab2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775e16b2 2 bytes JMP 76e28eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775e16bd 2 bytes JMP 76e28681 C:\Windows\syswow64\kernel32.dll .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d81eee 7 bytes JMP 0000000170c23c50 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d85b85 7 bytes JMP 0000000170c24290 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d913e1 7 bytes JMP 0000000170c23ea0 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d9ea35 7 bytes JMP 0000000170c23c40 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e28eb4 7 bytes JMP 0000000170c236c0 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e28f39 5 bytes JMP 0000000170c23770 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e2928f 5 bytes JMP 0000000170c236d0 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076531d29 5 bytes JMP 0000000170c23680 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076531dd7 5 bytes JMP 0000000170c23640 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076532ab1 5 bytes JMP 0000000170c23780 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076532d1d 5 bytes JMP 0000000170c23480 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000767bd2b4 5 bytes JMP 0000000170c22c60 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000767bd4ee 5 bytes JMP 0000000170c22c70 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 0000000170c23400 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000170c23470 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000170c22960 .text C:\Users\Tomek\Downloads\do wirusów\GMER\269dee1d.exe[2624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000170c233e0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fee07e741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fee07e5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fee07e5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fee07e5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fee07e7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fee07e6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fee07e6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fee07e7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fee07e7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fee07e78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fee07e4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fee07e5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3748] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fee07e7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\303a64d49ea4 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\303a64d49ea4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Tomek\Downloads\do wirus\x2c7w\ComboFIX_instalka\ComboFix.exe 1 ---- EOF - GMER 2.1 ----