GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-21 16:10:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB Running: v605iujl.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\uxdcaaog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\services.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1040] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\conhost.exe[1456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe[1552] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\nvvsvc.exe[1616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[2108] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2116] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2320] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\ProgramData\MobileBrServ\mbbservice.exe[2364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[2408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2460] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072a71a22 2 bytes [A7, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072a71ad0 2 bytes [A7, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072a71b08 2 bytes [A7, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072a71bba 2 bytes [A7, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2492] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072a71bda 2 bytes [A7, 72] .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtlService.exe[2516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Windows\system32\svchost.exe[2564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\OEM\Wireless LAN Driver and Utility\RtWlan.exe[2672] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Windows\System32\alg.exe[2260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[3176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[4000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef2cbdc88 5 bytes JMP 000007fff2ab00d8 .text C:\Windows\system32\Dwm.exe[3228] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef2cbde10 5 bytes JMP 000007fff2ab0110 .text C:\Windows\Explorer.EXE[3220] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\hkcmd.exe[3744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2140] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3136] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Program Files\Elantech\ETDCtrl.exe[3324] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd980180 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9800d8 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd980148 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd980110 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9801f0 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9801b8 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd980228 .text C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE[3728] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd980260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\OLE32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3600] C:\Windows\syswow64\OLE32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Windows\system32\wbem\wmiprvse.exe[3088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Dolby PCEE4\pcee4.exe[3576] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f51465 2 bytes [F5, 76] .text C:\Program Files (x86)\Launch Manager\LManager.exe[4144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f514bb 2 bytes [F5, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4152] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4160] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076e58791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4212] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\igfxext.exe[4292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[4324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[4356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\system32\wbem\unsecapp.exe[4436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4744] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[4688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000778fa400 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077903f20 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007791ffb0 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007792f2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077959a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779694c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077969630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779887e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd9a2db0 5 bytes JMP 000007fffd990180 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd9a37d0 7 bytes JMP 000007fffd9900d8 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a8ef0 6 bytes JMP 000007fffd990148 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd9baf60 5 bytes JMP 000007fffd990110 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf889e0 8 bytes JMP 000007fffd9901f0 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf8be40 8 bytes JMP 000007fffd9901b8 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe527490 11 bytes JMP 000007fffd990228 .text C:\Windows\system32\taskeng.exe[1768] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe53bf00 7 bytes JMP 000007fffd990260 .text C:\Windows\system32\DllHost.exe[5272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[5756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007794ef8d 1 byte [62] .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076e51f0e 7 bytes JMP 00000001712116b3 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076e55bad 7 bytes JMP 00000001712111cc .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076e61409 7 bytes JMP 00000001712112a8 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076e6ea45 7 bytes JMP 0000000171211262 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e7a2fd 1 byte [62] .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076e7b21b 5 bytes JMP 00000001712115c8 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076ef8e24 7 bytes JMP 0000000171211357 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076ef8ea9 5 bytes JMP 00000001712116f4 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076ef91ff 5 bytes JMP 000000017121101e .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758d1d1b 5 bytes JMP 00000001712111e5 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758d1dc9 5 bytes JMP 0000000171211019 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758d2aa4 5 bytes JMP 0000000171211573 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758d2d0a 5 bytes JMP 000000017121128f .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000770fe96b 5 bytes JMP 00000001712115e1 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000770feba5 5 bytes JMP 00000001712111a9 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f88a29 5 bytes JMP 0000000171211046 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f94572 5 bytes JMP 00000001712110c8 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076fae567 5 bytes JMP 0000000171211433 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076fe7a5c 5 bytes JMP 00000001712115f0 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077305ea5 5 bytes JMP 0000000171211618 .text C:\Users\Kamil\Downloads\v605iujl.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077339d0b 5 bytes JMP 000000017121123f ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BCD8B56-4C68-492B-8A43-E68C6782A4C0}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4880](2014-04-21 13:26:26) 000007fefa900000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9f20b8a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9f20b8a@74458a81b035 0xEC 0xC3 0xFB 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C5F69EE9-4E4C-4324-8752-079FB04F82CD}@LeaseObtainedTime 1398084423 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C5F69EE9-4E4C-4324-8752-079FB04F82CD}@T1 1398088023 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C5F69EE9-4E4C-4324-8752-079FB04F82CD}@T2 1398090723 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C5F69EE9-4E4C-4324-8752-079FB04F82CD}@LeaseTerminatesTime 1398091623 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9f20b8a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9f20b8a@74458a81b035 0xEC 0xC3 0xFB 0x21 ... ---- EOF - GMER 2.1 ----