GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-05 16:21:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM012_HN-M500MBB rev.2AR10001 465,76GB Running: s9jyxxsh.exe; Driver: C:\Users\Kryzac\AppData\Local\Temp\agrdapob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef7cb4da4 7 bytes JMP 000007fff7ca00d8 .text C:\Windows\system32\Dwm.exe[2024] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7cd9af4 7 bytes JMP 000007fff7ca0110 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762d1f4e 7 bytes JMP 0000000172d73c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762d5be5 7 bytes JMP 0000000172d74290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762e1441 7 bytes JMP 0000000172d73ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000762eea75 7 bytes JMP 0000000172d73c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000763788ec 7 bytes JMP 0000000172d736c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076378971 5 bytes JMP 0000000172d73770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076378cc7 5 bytes JMP 0000000172d736d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076491094 5 bytes JMP 0000000172d73680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076491142 5 bytes JMP 0000000172d73640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076491bb2 5 bytes JMP 0000000100271179 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076491d92 5 bytes JMP 0000000172d73480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8b9a 5 bytes JMP 0000000172d72b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4c48 5 bytes JMP 0000000172d73400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bc6bdc 5 bytes JMP 0000000172d73470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c0092e 5 bytes JMP 0000000172d72960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17bec 5 bytes JMP 0000000172d733e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075cce9a2 5 bytes JMP 0000000172d72c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ccebdc 5 bytes JMP 0000000172d72c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075df5ea5 5 bytes JMP 0000000172d72ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1944] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075e29d0b 5 bytes JMP 0000000172d72a70 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8000d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd800148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd800180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd800110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8001b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef34e2460 5 bytes JMP 000007fefd8002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[1836] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef35196b0 6 bytes JMP 000007fefd800298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Windows\System32\igfxpers.exe[3216] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3296] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762d1f4e 7 bytes JMP 0000000172d73c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762d5be5 7 bytes JMP 0000000172d74290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762e1441 7 bytes JMP 0000000172d73ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000762eea75 7 bytes JMP 0000000172d73c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000763788ec 7 bytes JMP 0000000172d736c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076378971 5 bytes JMP 0000000172d73770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076378cc7 5 bytes JMP 0000000172d736d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076491094 5 bytes JMP 0000000172d73680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076491142 5 bytes JMP 0000000172d73640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076491bb2 5 bytes JMP 0000000172d73780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076491d92 5 bytes JMP 0000000172d73480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8b9a 5 bytes JMP 0000000172d72b20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4c48 5 bytes JMP 0000000172d73400 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bc6bdc 5 bytes JMP 0000000172d73470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c0092e 5 bytes JMP 0000000172d72960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17bec 5 bytes JMP 0000000172d733e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072da1003 2 bytes [DA, 72] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3512] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072da1016 2 bytes [DA, 72] .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007770af40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077714a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000077732a00 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007773f010 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000777699f0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077779510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007779a530 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff277490 11 bytes JMP 000007fffd810228 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff28bf00 7 bytes JMP 000007fffd810260 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762d1f4e 7 bytes JMP 0000000172d73c50 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762d5be5 7 bytes JMP 0000000172d74290 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762e1441 7 bytes JMP 0000000172d73ea0 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000762eea75 7 bytes JMP 0000000172d73c40 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000763788ec 7 bytes JMP 0000000172d736c0 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076378971 5 bytes JMP 0000000172d73770 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076378cc7 5 bytes JMP 0000000172d736d0 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076491094 5 bytes JMP 0000000172d73680 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076491142 5 bytes JMP 0000000172d73640 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076491bb2 5 bytes JMP 0000000172d73780 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076491d92 5 bytes JMP 0000000172d73480 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8b9a 5 bytes JMP 0000000172d72b20 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4c48 5 bytes JMP 0000000172d73400 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bc6bdc 5 bytes JMP 0000000172d73470 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c0092e 5 bytes JMP 0000000172d72960 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17bec 5 bytes JMP 0000000172d733e0 .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072da1003 2 bytes [DA, 72] .text C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe[3536] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072da1016 2 bytes [DA, 72] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3596] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8240b0 7 bytes JMP 000007fffd8100d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3596] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd829ec0 7 bytes JMP 000007fffd810148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3596] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd82aea0 5 bytes JMP 000007fffd810180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3596] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd82b040 5 bytes JMP 000007fffd810110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3596] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0e89e0 8 bytes JMP 000007fffd8101f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3596] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0ebe40 8 bytes JMP 000007fffd8101b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762d1f4e 7 bytes JMP 0000000172d73c50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762d5be5 7 bytes JMP 0000000172d74290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762e1441 7 bytes JMP 0000000172d73ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000762eea75 7 bytes JMP 0000000172d73c40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000763788ec 7 bytes JMP 0000000172d736c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076378971 5 bytes JMP 0000000172d73770 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076378cc7 5 bytes JMP 0000000172d736d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076491094 5 bytes JMP 0000000172d73680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076491142 5 bytes JMP 0000000172d73640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076491bb2 5 bytes JMP 0000000172d73780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076491d92 5 bytes JMP 0000000172d73480 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8b9a 5 bytes JMP 0000000172d72b20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4c48 5 bytes JMP 0000000172d73400 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bc6bdc 5 bytes JMP 0000000172d73470 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c0092e 5 bytes JMP 0000000172d72960 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3604] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17bec 5 bytes JMP 0000000172d733e0 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000762d1f4e 7 bytes JMP 0000000172d73c50 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000762d5be5 7 bytes JMP 0000000172d74290 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000762e1441 7 bytes JMP 0000000172d73ea0 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000762eea75 7 bytes JMP 0000000172d73c40 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000763788ec 7 bytes JMP 0000000172d736c0 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076378971 5 bytes JMP 0000000172d73770 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076378cc7 5 bytes JMP 0000000172d736d0 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076491094 5 bytes JMP 0000000172d73680 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076491142 5 bytes JMP 0000000172d73640 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076491bb2 5 bytes JMP 0000000172d73780 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076491d92 5 bytes JMP 0000000172d73480 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075cce9a2 5 bytes JMP 0000000172d72c60 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ccebdc 5 bytes JMP 0000000172d72c70 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4c48 5 bytes JMP 0000000172d73400 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bc6bdc 5 bytes JMP 0000000172d73470 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c0092e 5 bytes JMP 0000000172d72960 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17bec 5 bytes JMP 0000000172d733e0 .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072da1003 2 bytes [DA, 72] .text C:\Users\Kryzac\Downloads\s9jyxxsh.exe[3276] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072da1016 2 bytes [DA, 72] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001070e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001070c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001071654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001071a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010718ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80039892c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039892c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039892c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80039892c0 Device \FileSystem\Ntfs \Ntfs fffffa80043082c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80050b72c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004bdf2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6286DD1C-2B36-4B89-9F77-66A830759E47} fffffa8004dbb2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{991C3CE1-5E74-4A08-A735-80EF014BF53A} fffffa8004dbb2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F03D2C49-B413-4062-A2C1-04647DB2B429} fffffa8004dbb2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80050b72c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80050b72c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{C58578AC-1240-4E55-BD73-F384CEB295D1} fffffa8004dbb2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{BAB3C0A2-3C40-46FA-837A-DE66432F61D5} fffffa8004dbb2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004dbb2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039892c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80050b72c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039892c0 ---- EOF - GMER 2.1 ----