GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-15 16:11:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547550A9E384 rev.JE3OA60A 465,76GB Running: pv8bv4r5.exe; Driver: C:\Users\Piotrek\AppData\Local\Temp\kfldapow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076208791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ac1401 2 bytes JMP 7622b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ac1419 2 bytes JMP 7622b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ac1431 2 bytes JMP 762a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ac144a 2 bytes CALL 762048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ac14dd 2 bytes JMP 762a89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ac14f5 2 bytes JMP 762a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ac150d 2 bytes JMP 762a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ac1525 2 bytes JMP 762a8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ac153d 2 bytes JMP 7621fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ac1555 2 bytes JMP 76226937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ac156d 2 bytes JMP 762a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ac1585 2 bytes JMP 762a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ac159d 2 bytes JMP 762a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ac15b5 2 bytes JMP 7621fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ac15cd 2 bytes JMP 7622b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ac16b2 2 bytes JMP 762a906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1784] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ac16bd 2 bytes JMP 762a8839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1888] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726f17fa 2 bytes CALL 762011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1888] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000726f1860 2 bytes CALL 762011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000726f1942 2 bytes JMP 76747089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[1888] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000726f194d 2 bytes JMP 7674cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726f17fa 2 bytes CALL 762011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000726f1860 2 bytes CALL 762011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000726f1942 2 bytes JMP 76747089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000726f194d 2 bytes JMP 7674cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076ac1401 2 bytes JMP 7622b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076ac1419 2 bytes JMP 7622b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076ac1431 2 bytes JMP 762a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076ac144a 2 bytes CALL 762048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076ac14dd 2 bytes JMP 762a89ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076ac14f5 2 bytes JMP 762a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076ac150d 2 bytes JMP 762a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076ac1525 2 bytes JMP 762a8caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076ac153d 2 bytes JMP 7621fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076ac1555 2 bytes JMP 76226937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076ac156d 2 bytes JMP 762a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076ac1585 2 bytes JMP 762a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076ac159d 2 bytes JMP 762a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076ac15b5 2 bytes JMP 7621fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076ac15cd 2 bytes JMP 7622b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076ac16b2 2 bytes JMP 762a906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrB.exe[1912] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076ac16bd 2 bytes JMP 762a8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ac1401 2 bytes JMP 7622b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ac1419 2 bytes JMP 7622b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ac1431 2 bytes JMP 762a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ac144a 2 bytes CALL 762048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ac14dd 2 bytes JMP 762a89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ac14f5 2 bytes JMP 762a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ac150d 2 bytes JMP 762a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ac1525 2 bytes JMP 762a8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ac153d 2 bytes JMP 7621fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ac1555 2 bytes JMP 76226937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ac156d 2 bytes JMP 762a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ac1585 2 bytes JMP 762a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ac159d 2 bytes JMP 762a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ac15b5 2 bytes JMP 7621fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ac15cd 2 bytes JMP 7622b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ac16b2 2 bytes JMP 762a906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\Thorn.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ac16bd 2 bytes JMP 762a8839 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ac1401 2 bytes JMP 7622b263 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ac1419 2 bytes JMP 7622b38e C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ac1431 2 bytes JMP 762a90f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ac144a 2 bytes CALL 762048ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ac14dd 2 bytes JMP 762a89ea C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ac14f5 2 bytes JMP 762a8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ac150d 2 bytes JMP 762a88e0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ac1525 2 bytes JMP 762a8caa C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ac153d 2 bytes JMP 7621fce8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ac1555 2 bytes JMP 76226937 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ac156d 2 bytes JMP 762a91a9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ac1585 2 bytes JMP 762a8d0a C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ac159d 2 bytes JMP 762a88a4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ac15b5 2 bytes JMP 7621fd81 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ac15cd 2 bytes JMP 7622b324 C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ac16b2 2 bytes JMP 762a906c C:\Windows\syswow64\kernel32.dll .text C:\Users\Piotrek\AppData\Local\THORN\ThornHelper.exe[584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ac16bd 2 bytes JMP 762a8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff466d10 11 bytes JMP 000007fefd460228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5556] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff47b4f0 7 bytes JMP 000007fefd460260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[7092] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9badc88 5 bytes JMP 000007fef9b800d8 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9bade10 5 bytes JMP 000007fef9b80110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3536] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4016] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff466d10 11 bytes JMP 000007fefd460228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff47b4f0 7 bytes JMP 000007fefd460260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff466d10 11 bytes JMP 000007fefd460228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff47b4f0 7 bytes JMP 000007fefd460260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3576] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff466d10 11 bytes JMP 000007fefd460228 .text C:\Program Files\Elantech\ETDCtrl.exe[1924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff47b4f0 7 bytes JMP 000007fefd460260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000001301179 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff466d10 11 bytes JMP 000007fefd460228 .text C:\Windows\System32\igfxpers.exe[5124] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff47b4f0 7 bytes JMP 000007fefd460260 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff466d10 11 bytes JMP 000007fefd460228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4656] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff47b4f0 7 bytes JMP 000007fefd460260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[2132] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1180] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[7300] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2528] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[6108] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007730a3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077313ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007732fff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007733f3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077369c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077379700 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077398aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd4732f0 7 bytes JMP 000007fefd4600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd47aa60 5 bytes JMP 000007fefd460180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47ac00 5 bytes JMP 000007fefd460110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd489ac0 5 bytes JMP 000007fefd460148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdac89d0 8 bytes JMP 000007fefd4601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1404] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdacbe40 8 bytes JMP 000007fefd4601b8 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076d88a39 5 bytes JMP 0000000073ff2b20 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f95e75 5 bytes JMP 0000000073ff2ae0 .text C:\Users\Piotrek\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4544] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fc9cbb 5 bytes JMP 0000000073ff2a70 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076201f0e 7 bytes JMP 0000000073ff3c50 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076205bad 7 bytes JMP 0000000073ff4290 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076211431 7 bytes JMP 0000000073ff3ea0 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007621ea85 7 bytes JMP 0000000073ff3c40 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000762a906c 7 bytes JMP 0000000073ff36c0 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000762a90f1 5 bytes JMP 0000000073ff3770 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000762a9447 5 bytes JMP 0000000073ff36d0 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000767f1e4c 5 bytes JMP 0000000073ff3680 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000767f1efa 5 bytes JMP 0000000073ff3640 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000767f2bdc 5 bytes JMP 0000000073ff3780 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000767f2e7e 5 bytes JMP 0000000073ff3480 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654d2b4 5 bytes JMP 0000000073ff2c60 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654d4ee 5 bytes JMP 0000000073ff2c70 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d94582 5 bytes JMP 0000000073ff3400 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076dae587 5 bytes JMP 0000000073ff3470 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076dd08ab 5 bytes JMP 0000000073ff2960 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076de7b24 5 bytes JMP 0000000073ff33e0 .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000074021003 2 bytes [02, 74] .text E:\Chrome-pobrane\pv8bv4r5.exe[3312] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000074021016 2 bytes [02, 74] ---- EOF - GMER 2.2 ----