GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-20 22:53:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10JPCX-24UE4T0 rev.01.01A01 931,51GB Running: 77yve7r0.exe; Driver: C:\Users\Adam\AppData\Local\Temp\pxdyapog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe8b74a0 11 bytes JMP 000007fffdb30228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe8cbf10 7 bytes JMP 000007fffdb30260 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fefa4ddc88 5 bytes JMP 000007fffa4b00d8 .text C:\Windows\system32\Dwm.exe[1784] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fefa4dde10 5 bytes JMP 000007fffa4b0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ee8781 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ec1401 2 bytes JMP 76f0b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ec1419 2 bytes JMP 76f0b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ec1431 2 bytes JMP 76f88fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ec144a 2 bytes CALL 76ee489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ec14dd 2 bytes JMP 76f888c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ec14f5 2 bytes JMP 76f88aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ec150d 2 bytes JMP 76f887ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ec1525 2 bytes JMP 76f88b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ec153d 2 bytes JMP 76effca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ec1555 2 bytes JMP 76f068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ec156d 2 bytes JMP 76f89089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ec1585 2 bytes JMP 76f88bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ec159d 2 bytes JMP 76f8877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ec15b5 2 bytes JMP 76effd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ec15cd 2 bytes JMP 76f0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ec16b2 2 bytes JMP 76f88f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1108] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ec16bd 2 bytes JMP 76f88713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000721f17fa 2 bytes CALL 76ee11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000721f1860 2 bytes CALL 76ee11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000721f1942 2 bytes JMP 76d37089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000721f194d 2 bytes JMP 76d3cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ec1401 2 bytes JMP 76f0b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ec1419 2 bytes JMP 76f0b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ec1431 2 bytes JMP 76f88fd1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ec144a 2 bytes CALL 76ee489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ec14dd 2 bytes JMP 76f888c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ec14f5 2 bytes JMP 76f88aa0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ec150d 2 bytes JMP 76f887ba C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ec1525 2 bytes JMP 76f88b8a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ec153d 2 bytes JMP 76effca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ec1555 2 bytes JMP 76f068ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ec156d 2 bytes JMP 76f89089 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ec1585 2 bytes JMP 76f88bea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ec159d 2 bytes JMP 76f8877e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ec15b5 2 bytes JMP 76effd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ec15cd 2 bytes JMP 76f0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ec16b2 2 bytes JMP 76f88f4c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ec16bd 2 bytes JMP 76f88713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ec1401 2 bytes JMP 76f0b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ec1419 2 bytes JMP 76f0b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ec1431 2 bytes JMP 76f88fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ec144a 2 bytes CALL 76ee489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ec14dd 2 bytes JMP 76f888c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ec14f5 2 bytes JMP 76f88aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ec150d 2 bytes JMP 76f887ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ec1525 2 bytes JMP 76f88b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ec153d 2 bytes JMP 76effca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ec1555 2 bytes JMP 76f068ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ec156d 2 bytes JMP 76f89089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ec1585 2 bytes JMP 76f88bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ec159d 2 bytes JMP 76f8877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ec15b5 2 bytes JMP 76effd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ec15cd 2 bytes JMP 76f0b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ec16b2 2 bytes JMP 76f88f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2400] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ec16bd 2 bytes JMP 76f88713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe8b74a0 11 bytes JMP 000007fffdb30228 .text C:\Program Files\IDT\WDM\sttray64.exe[2476] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe8cbf10 7 bytes JMP 000007fffdb30260 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe8b74a0 11 bytes JMP 000007fffdb30228 .text C:\Windows\System32\igfxpers.exe[2712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe8cbf10 7 bytes JMP 000007fffdb30260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe8b74a0 11 bytes JMP 000007fffdb30228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2352] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe8cbf10 7 bytes JMP 000007fffdb30260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef20f2460 5 bytes JMP 000007fefdb302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef21296b0 6 bytes JMP 000007fefdb30298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fefa4ddc88 5 bytes JMP 000007fffa4b00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3288] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fefa4dde10 5 bytes JMP 000007fffa4b0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe8b74a0 11 bytes JMP 000007fffdb30228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3888] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe8cbf10 7 bytes JMP 000007fffdb30260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4148] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ee1efe 7 bytes JMP 0000000173ce3c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ee5b9d 7 bytes JMP 0000000173ce4290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076ef13f9 7 bytes JMP 0000000173ce3ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076efea45 7 bytes JMP 0000000173ce3c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f88f4c 7 bytes JMP 0000000173ce36c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f88fd1 5 bytes JMP 0000000173ce3770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f89327 5 bytes JMP 0000000173ce36d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b91d29 5 bytes JMP 0000000173ce3680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b91dd7 5 bytes JMP 0000000173ce3640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b92ab1 5 bytes JMP 0000000100e836f6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b92d1d 5 bytes JMP 0000000173ce3480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a98a29 5 bytes JMP 0000000173ce2b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076aa4572 5 bytes JMP 0000000173ce3400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076abe567 5 bytes JMP 0000000173ce3470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076ae07d7 5 bytes JMP 0000000173ce2960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076af7a5c 5 bytes JMP 0000000173ce33e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007657d2b4 5 bytes JMP 0000000173ce2c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007657d4ee 5 bytes JMP 0000000173ce2c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076845ea5 5 bytes JMP 0000000173ce2ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4272] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076879d0b 5 bytes JMP 0000000173ce2a70 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe8b74a0 11 bytes JMP 000007fffdb30228 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[4432] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe8cbf10 7 bytes JMP 000007fffdb30260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ee1efe 7 bytes JMP 0000000173ce3c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ee5b9d 7 bytes JMP 0000000173ce4290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076ef13f9 7 bytes JMP 0000000173ce3ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076efea45 7 bytes JMP 0000000173ce3c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f88f4c 7 bytes JMP 0000000173ce36c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f88fd1 5 bytes JMP 0000000173ce3770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f89327 5 bytes JMP 0000000173ce36d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b91d29 5 bytes JMP 0000000173ce3680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b91dd7 5 bytes JMP 0000000173ce3640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b92ab1 5 bytes JMP 0000000173ce3780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b92d1d 5 bytes JMP 0000000173ce3480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007657d2b4 5 bytes JMP 0000000173ce2c60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007657d4ee 5 bytes JMP 0000000173ce2c70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a98a29 5 bytes JMP 0000000173ce2b20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076aa4572 5 bytes JMP 0000000173ce3400 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076abe567 5 bytes JMP 0000000173ce3470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076ae07d7 5 bytes JMP 0000000173ce2960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076af7a5c 5 bytes JMP 0000000173ce33e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076845ea5 5 bytes JMP 0000000173ce2ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076879d0b 5 bytes JMP 0000000173ce2a70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073d11003 2 bytes [D1, 73] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4444] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073d11016 2 bytes [D1, 73] .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ee1efe 7 bytes JMP 0000000173ce3c50 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ee5b9d 7 bytes JMP 0000000173ce4290 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076ef13f9 7 bytes JMP 0000000173ce3ea0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076efea45 7 bytes JMP 0000000173ce3c40 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f88f4c 7 bytes JMP 0000000173ce36c0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f88fd1 5 bytes JMP 0000000173ce3770 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f89327 5 bytes JMP 0000000173ce36d0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b91d29 5 bytes JMP 0000000173ce3680 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b91dd7 5 bytes JMP 0000000173ce3640 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b92ab1 5 bytes JMP 0000000173ce3780 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b92d1d 5 bytes JMP 0000000173ce3480 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a98a29 5 bytes JMP 0000000173ce2b20 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076aa4572 5 bytes JMP 0000000173ce3400 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076abe567 5 bytes JMP 0000000173ce3470 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076ae07d7 5 bytes JMP 0000000173ce2960 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076af7a5c 5 bytes JMP 0000000173ce33e0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007657d2b4 5 bytes JMP 0000000173ce2c60 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007657d4ee 5 bytes JMP 0000000173ce2c70 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076845ea5 5 bytes JMP 0000000173ce2ae0 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076879d0b 5 bytes JMP 0000000173ce2a70 .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073d11003 2 bytes [D1, 73] .text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4472] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073d11016 2 bytes [D1, 73] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ee1efe 7 bytes JMP 0000000173ce3c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ee5b9d 7 bytes JMP 0000000173ce4290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076ef13f9 7 bytes JMP 0000000173ce3ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076efea45 7 bytes JMP 0000000173ce3c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f88f4c 7 bytes JMP 0000000173ce36c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f88fd1 5 bytes JMP 0000000173ce3770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f89327 5 bytes JMP 0000000173ce36d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b91d29 5 bytes JMP 0000000173ce3680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b91dd7 5 bytes JMP 0000000173ce3640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b92ab1 5 bytes JMP 0000000173ce3780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b92d1d 5 bytes JMP 0000000173ce3480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076845ea5 5 bytes JMP 0000000173ce2ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076879d0b 5 bytes JMP 0000000173ce2a70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007657d2b4 5 bytes JMP 0000000173ce2c60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007657d4ee 5 bytes JMP 0000000173ce2c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a98a29 5 bytes JMP 0000000173ce2b20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076aa4572 5 bytes JMP 0000000173ce3400 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076abe567 5 bytes JMP 0000000173ce3470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076ae07d7 5 bytes JMP 0000000173ce2960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4496] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076af7a5c 5 bytes JMP 0000000173ce33e0 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007787a460 7 bytes JMP 000000016fff0228 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077883f80 5 bytes JMP 000000016fff0180 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007789ffa0 5 bytes JMP 000000016fff01b8 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000778af330 5 bytes JMP 000000016fff0110 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778d9a80 7 bytes JMP 000000016fff00d8 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778e9510 5 bytes JMP 000000016fff0148 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077908830 7 bytes JMP 000000016fff01f0 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb42db0 5 bytes JMP 000007fffdb30180 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb437d0 7 bytes JMP 000007fffdb300d8 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb4a410 2 bytes JMP 000007fffdb30110 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefdb4a413 2 bytes [FE, FF] .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb4aec0 6 bytes JMP 000007fffdb30148 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe5b89d0 8 bytes JMP 000007fffdb301f0 .text C:\Users\Adam\Downloads\FRST64.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe5bbe40 8 bytes JMP 000007fffdb301b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ee1efe 7 bytes JMP 0000000173ce3c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ee5b9d 7 bytes JMP 0000000173ce4290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076ef13f9 7 bytes JMP 0000000173ce3ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076efea45 7 bytes JMP 0000000173ce3c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f88f4c 7 bytes JMP 0000000173ce36c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f88fd1 5 bytes JMP 0000000173ce3770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f89327 5 bytes JMP 0000000173ce36d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b91d29 5 bytes JMP 0000000173ce3680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b91dd7 5 bytes JMP 0000000173ce3640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b92ab1 5 bytes JMP 0000000173ce3780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b92d1d 5 bytes JMP 0000000173ce3480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076845ea5 5 bytes JMP 0000000173ce2ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076879d0b 5 bytes JMP 0000000173ce2a70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007657d2b4 5 bytes JMP 0000000173ce2c60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007657d4ee 5 bytes JMP 0000000173ce2c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a98a29 5 bytes JMP 0000000173ce2b20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076aa4572 5 bytes JMP 0000000173ce3400 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076abe567 5 bytes JMP 0000000173ce3470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076ae07d7 5 bytes JMP 0000000173ce2960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3500] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076af7a5c 5 bytes JMP 0000000173ce33e0 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ee1efe 7 bytes JMP 0000000173ce3c50 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ee5b9d 7 bytes JMP 0000000173ce4290 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076ef13f9 7 bytes JMP 0000000173ce3ea0 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076efea45 7 bytes JMP 0000000173ce3c40 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076f88f4c 7 bytes JMP 0000000173ce36c0 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076f88fd1 5 bytes JMP 0000000173ce3770 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076f89327 5 bytes JMP 0000000173ce36d0 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b91d29 5 bytes JMP 0000000173ce3680 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b91dd7 5 bytes JMP 0000000173ce3640 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b92ab1 5 bytes JMP 0000000173ce3780 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b92d1d 5 bytes JMP 0000000173ce3480 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007657d2b4 5 bytes JMP 0000000173ce2c60 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007657d4ee 5 bytes JMP 0000000173ce2c70 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076aa4572 5 bytes JMP 0000000173ce3400 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076abe567 5 bytes JMP 0000000173ce3470 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076ae07d7 5 bytes JMP 0000000173ce2960 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076af7a5c 5 bytes JMP 0000000173ce33e0 .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000073d11003 2 bytes [D1, 73] .text C:\Users\Adam\Downloads\77yve7r0.exe[3276] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000073d11016 2 bytes [D1, 73] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1516:3920] 000007feef269688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3010b37aeb29 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3010b37aeb29 (not active ControlSet) ---- EOF - GMER 2.1 ----