GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-07-18 22:38:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: cxh6eo54.exe; Driver: C:\Users\acer\AppData\Local\Temp\fwtcqaob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\wininit.exe[748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\services.exe[812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[1004] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1488] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9abdc88 5 bytes JMP 000007fef9a300d8 .text C:\Windows\system32\Dwm.exe[1644] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9abde10 5 bytes JMP 000007fef9a30110 .text C:\Windows\Explorer.EXE[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1716] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2108] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2328] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\System32\hkcmd.exe[2624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Windows\System32\igfxpers.exe[2676] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files\Elantech\ETDCtrl.exe[2776] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2800] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2864] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb30180 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb300d8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb30148 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb30110 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb301f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb301b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb30228 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2992] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb30260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 00000000003b8c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files (x86)\PDF Architect 3\creator-ws.exe[2552] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe[3284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Users\acer\AppData\Local\Akamai\netsession_win.exe[3356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3960] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] .text C:\Windows\system32\igfxext.exe[2684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[3592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Windows\system32\wbem\unsecapp.exe[3840] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\Launch Manager\LManager.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Dolby PCEE4\pcee4.exe[4128] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076f18791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[4200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[4376] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[4428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fee9232460 5 bytes JMP 000007fefdb502d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fee92696b0 6 bytes JMP 000007fefdb50298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9abdc88 5 bytes JMP 000007fef9a900d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5168] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9abde10 5 bytes JMP 000007fef9a90110 .text C:\Windows\system32\conhost.exe[5180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[5552] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c08a29 5 bytes JMP 0000000071342bc0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000771f5ea5 5 bytes JMP 0000000071342b80 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[5560] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077229d0b 5 bytes JMP 0000000071342b10 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000077021465 2 bytes [02, 77] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5780] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000770214bb 2 bytes [02, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3248] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[500] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007793a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077943f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007795ffb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007796f2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007798ef8d 1 byte [62] .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077999a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779a94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779c87e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdb62db0 5 bytes JMP 000007fefdb50180 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb637d0 7 bytes JMP 000007fefdb500d8 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdb68ef0 6 bytes JMP 000007fefdb50148 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdb7af60 5 bytes JMP 000007fefdb50110 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff727490 11 bytes JMP 000007fefdb50228 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff73bf00 7 bytes JMP 000007fefdb50260 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdf089e0 8 bytes JMP 000007fefdb501f0 .text C:\Windows\system32\DllHost.exe[5464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdf0be40 8 bytes JMP 000007fefdb501b8 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f11f0e 7 bytes JMP 0000000071343cf0 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f15bad 7 bytes JMP 0000000071344330 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f21409 7 bytes JMP 0000000071343f40 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076f2ea45 7 bytes JMP 0000000071343ce0 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f3a2fd 1 byte [62] .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076fb8e24 7 bytes JMP 0000000071343760 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076fb8ea9 5 bytes JMP 0000000071343810 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076fb91ff 5 bytes JMP 0000000071343770 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a11d29 5 bytes JMP 0000000071343720 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075a11dd7 5 bytes JMP 00000000713436e0 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a12ab1 5 bytes JMP 0000000071343820 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a12d17 5 bytes JMP 0000000071343520 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e9e96b 5 bytes JMP 0000000071342d00 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e9eba5 5 bytes JMP 0000000071342d10 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c14572 5 bytes JMP 00000000713434a0 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c2e567 5 bytes JMP 0000000071343510 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076c507d7 5 bytes JMP 0000000071342a00 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076c67a5c 5 bytes JMP 0000000071343480 .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071371003 2 bytes [37, 71] .text C:\Users\acer\Downloads\cxh6eo54.exe[4852] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071371016 2 bytes [37, 71] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!malloc] [28c4834800000001] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!_vsnwprintf] [ccccccccccccccc3] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!_XcptFilter] [ccccffffc09225ff] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!wcsrchr] [83485540cccccccc] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!_wcsnicmp] [8d8948ea8b4820ec] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!wcschr] [8b018b4800000100] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!memset] [48000000a8958910] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!_amsg_exit] [6d73633d50458b50] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!free] [f8958b481475e0] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!wcsstr] [f95ce8504d8b0000] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!_initterm] [c707eb304589ffff] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[msvcrt.dll!memcpy] [458b000000003045] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!RtlCaptureContext] [cccccccccccccccc] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!RtlLookupFunctionEntry] [83485540cccccccc] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!RtlVirtualUnwind] [8d8948ea8b4820ec] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!NtOpenFile] [8b018b4800000110] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!RtlInitUnicodeString] [4800000098958910] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!NtClose] [5589000000d08d89] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!NtCreateFile] [6d73633d70458b70] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!RtlAppendUnicodeToString] [d0958b481475e0] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!NtFsControlFile] [f8fce8704d8b0000] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[ntdll.dll!NtQueryAttributesFile] [c707eb384589ffff] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\drprov.dll[WINSTA.dll!WinStationIsSessionRemoteable] [5589000000908d89] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!??2@YAPEAX_K@Z] [577845656d61] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_amsg_exit] [15741d000c1d01] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_wcsicmp] [13541d0014641d] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!wcsrchr] [e019d21d0012341d] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_XcptFilter] [40a01c015d017] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!wcschr] [7006520a000b340a] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_initterm] [10641c000c1c01] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!wcscpy_s] [e341c000f541c] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!memmove] [d014e016f018721c] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_purecall] [a16017010c012] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!??3@YAXPEAX@Z] [a3416000b5416] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_wcsupr] [c00ed010e0123216] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!wcscat_s] [60f01600b700c] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_vsnwprintf] [6340f0007640f] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!free] [20601700b320f] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!strcpy_s] [40a0130023206] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!memset] [7006320a0006340a] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!__RTDynamicCast] [f641400081401] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [d3414000e5414] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!towupper] [a180170109214] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!malloc] [b5418000c6418] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_ultow] [d0145218000a3418] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!_wcsnicmp] [208017010c012] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[msvcrt.dll!memcpy] [4c010f0053340f] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlCaptureContext] [2500000c5c0] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlLookupFunctionEntry] [0] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlVirtualUnwind] [3004720800020801] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtCreateFile] [b541200081201] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtQueryInformationFile] [c00e5212000a3412] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtOpenProcessToken] [a1801600b700c] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtClose] [10541800116418] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlCopyLuid] [d0149218000f3418] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtOpenFile] [814017010c012] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlInitUnicodeStringEx] [95414000a6414] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlCompareUnicodeString] [7010521400083414] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlEqualUnicodeString] [155417000a1701] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlInitUnicodeString] [f013b21700143417] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtQueryInformationToken] [600c700dc00fd011] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtFsControlFile] [b741d000c1d01] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlInitializeCriticalSection] [9541d000a641d] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlLeaveCriticalSection] [e019321d0008341d] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtSetInformationThread] [81401c015d017] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtImpersonateAnonymousToken] [7541400086414] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!NtOpenThreadToken] [7010321400063414] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlInitializeResource] [420400010401] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlGetLastNtStatus] [15340f00061e19] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlAcquireResourceExclusive] [500660077008f20f] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlDeleteResource] [700000c5c0] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlReleaseResource] [0] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlDeleteCriticalSection] [620400010401] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlNtStatusToDosError] [e00dd21100081101] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[ntdll.dll!RtlEnterCriticalSection] [60067007c009d00b] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[KERNEL32.dll!GetComputerNameW] [10341400115414] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[KERNEL32.dll!DelayLoadFailureHook] [20b017010d214] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[KERNEL32.dll!LoadLibraryW] [820013004f20b] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\ntlanman.dll[KERNEL32.dll!GetComputerNameExW] [d015e017f019f220] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!memset] [3b4908c68348d1ff] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!memcpy] [62850fc33be572f6] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!_amsg_exit] [134cf0d8d480001] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!free] [5c7000004fae800] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!_initterm] [200018108] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!malloc] [48c38b480a75eb3b] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!_XcptFilter] [3948000180e20587] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!iswdigit] [5d850f00018ae31d] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!toupper] [180df3d01000018] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!_vsnwprintf] [58b00000083e900] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!_wcsnicmp] [8e0fc33b000180d4] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[msvcrt.dll!wcschr] [2b017b8d00001811] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!RtlCaptureContext] [3db10f48f0c03300] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!RtlLookupFunctionEntry] [17c0850f000180a4] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!EtwTraceMessage] [180b0058b0000] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!EtwEventWrite] [17c2850f02f883] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!EtwEventUnregister] [180d02d8b4800] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!NtClose] [358b482d74eb3b48] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!RtlNtStatusToDosError] [f8c68348000180bc] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!NtCreateFile] [af830ff53b4800eb] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!EtwEventRegister] [15ffcd8b48000017] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!NtFsControlFile] [9d1d894800012efc] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!RtlInitUnicodeString] [809e1d8948000180] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[ntdll.dll!RtlVirtualUnwind] [180681d890001] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!UnhandledExceptionFilter] [9090909090909090] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetProcAddress] [9090909090909090] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!FreeLibrary] [6c894808245c8948] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!SetLastError] [5541544157561024] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!LocalFree] [db3320ec83485641] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!LocalAlloc] [d33be98b4ce08b4d] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetLastError] [1bf000000c0840f] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!Sleep] [36850fd73b000000] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!DisableThreadLibraryCalls] [25048b4865000001] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!DelayLoadFailureHook] [8b48eb8b00000030] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!QueryPerformanceCounter] [48f0c03300eb0870] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetTickCount] [f0001816135b10f] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetCurrentThreadId] [8b00eb000018b785] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetCurrentProcessId] [fc33b0001816b05] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [358d48000018c485] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!TerminateProcess] [2d358d4c00013524] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!GetCurrentProcess] [1814f3d89000135] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [2373f63b49c38b00] IAT C:\Windows\Explorer.EXE[1664] @ C:\Windows\System32\DAVHLPR.dll[KERNEL32.dll!LoadLibraryExA] [187d850fc33b] ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1616:1844] 000007fefbbf2bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1616:5008] 000007fef6d05124 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4B51F6C2-13E8-4D98-9996-92A2F32C2F1B}\Connection@Name Po??czenie lokalne* 5 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{DF021443-FD91-44D3-AD56-C9099F1E7BFB}?\Device\{4B51F6C2-13E8-4D98-9996-92A2F32C2F1B}?\Device\{55F2991F-5074-49F4-A219-8E192701BC64}?\Device\{947068C5-384F-40CC-B482-E5328CD38C3B}?\Device\{9402A0F8-ABB5-48F4-AD34-4787FF567220}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{DF021443-FD91-44D3-AD56-C9099F1E7BFB}"?"{4B51F6C2-13E8-4D98-9996-92A2F32C2F1B}"?"{55F2991F-5074-49F4-A219-8E192701BC64}"?"{947068C5-384F-40CC-B482-E5328CD38C3B}"?"{9402A0F8-ABB5-48F4-AD34-4787FF567220}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{DF021443-FD91-44D3-AD56-C9099F1E7BFB}?\Device\TCPIP6TUNNEL_{4B51F6C2-13E8-4D98-9996-92A2F32C2F1B}?\Device\TCPIP6TUNNEL_{55F2991F-5074-49F4-A219-8E192701BC64}?\Device\TCPIP6TUNNEL_{947068C5-384F-40CC-B482-E5328CD38C3B}?\Device\TCPIP6TUNNEL_{9402A0F8-ABB5-48F4-AD34-4787FF567220}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e3d34a2 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4B51F6C2-13E8-4D98-9996-92A2F32C2F1B}@InterfaceName isatap.{CE70FF03-2562-4E8F-AE27-B446FA0DFD1A} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4B51F6C2-13E8-4D98-9996-92A2F32C2F1B}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e3d34a2 (not active ControlSet) ---- EOF - GMER 2.2 ----