GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-20 08:54:46 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000004e GOODRAM rev.SAFM12.2 223,57GB Running: npizlbk3.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\uxroqfow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f4400 15 bytes [00, 58, F1, 01, C0, 46, 6B, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960000f4410 9 bytes [00, C5, FB, FF, C0, 46, CA, ...] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba4b0500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba4b0538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Windows\system32\DllHost.exe[4404] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Windows\system32\taskhostex.exe[4192] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba4b0500 .text C:\Windows\System32\igfxpers.exe[5912] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba4b0538 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba4b0500 .text C:\Program Files\Elantech\ETDCtrl.exe[5944] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba4b0538 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba4b0500 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[6064] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba4b0538 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba4b0500 .text C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe[4236] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba4b0538 .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe[2408] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072821003 2 bytes [82, 72] .text C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe[2408] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072821016 2 bytes [82, 72] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6004] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072821003 2 bytes [82, 72] .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6004] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072821016 2 bytes [82, 72] .text C:\Windows\SysWOW64\ctfmon.exe[5508] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072821003 2 bytes [82, 72] .text C:\Windows\SysWOW64\ctfmon.exe[5508] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072821016 2 bytes [82, 72] .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba3e0260 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba3e0298 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba3e0340 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba3e02d0 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba3e0308 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba3e01f0 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba3e0228 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba3e0180 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba3e00d8 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba3e0110 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba3e0148 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba3e01b8 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xffffffffffea15f8} .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba3e0490 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe46ef90} .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba3e04c8 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba3e0458 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba3e03e8 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba3e0378 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffdfebe88} .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba3e03b0 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba3e0420 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba3e0500 .text C:\Program Files\Windows Defender\MSASCui.exe[6392] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba3e0538 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Windows\System32\Taskmgr.exe[5408] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Windows\system32\dwm.exe[2540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1192] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba4b0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba4b0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba4b0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba4b02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba4b0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba4b01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba4b0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba4b0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba4b00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba4b0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba4b0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba4b01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba4b0458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba4b03e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba4b0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffe0bbe88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba4b03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba4b0420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba4b0490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe53ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1664] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba4b04c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffcbccf3e10 7 bytes JMP 00007ffcba3e0260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffcbccf3e20 7 bytes JMP 00007ffcba3e0298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffcbcda39b0 7 bytes JMP 00007ffcba3e0340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffcbcda3ef0 7 bytes JMP 00007ffcba3e02d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffcbcda3fe0 7 bytes JMP 00007ffcba3e0308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffcbcdd06c0 7 bytes JMP 00007ffcba3e01f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffcbcdd0730 7 bytes JMP 00007ffcba3e0228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffcba4c21d0 5 bytes JMP 00007ffcba3e0180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffcba4c29d0 7 bytes JMP 00007ffcba3e00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffcba4c4310 5 bytes JMP 00007ffcba3e0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffcba4c8c40 5 bytes JMP 00007ffcba3e0148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffcba53ebc0 1 byte JMP 00007ffcba3e01b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffcba53ebc2 3 bytes {JMP 0xffffffffffea15f8} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffcbc3e9920 10 bytes JMP 00007ffcba3e0458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffcbc3f4430 5 bytes JMP 00007ffcba3e03e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffcbc3f44f0 1 byte JMP 00007ffcba3e0378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffcbc3f44f2 7 bytes {JMP 0xfffffffffdfebe88} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffcbc403b80 5 bytes JMP 00007ffcba3e03b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffcbc405cd0 5 bytes JMP 00007ffcba3e0420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffcbcf3d050 7 bytes JMP 00007ffcba3e0500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffcbcf6b160 5 bytes JMP 00007ffcba3e0538 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffcbbf71500 1 byte JMP 00007ffcba3e0490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffcbbf71502 6 bytes {JMP 0xfffffffffe46ef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffcbbf71750 8 bytes JMP 00007ffcba3e04c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffca51bead0 5 bytes JMP 00007ffcba3e05a8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffca51eeb90 6 bytes JMP 00007ffcba3e0570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory 00007ffcb77c7750 5 bytes JMP 00007ffcb77b00d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory1 00007ffcb77c8ee0 5 bytes JMP 00007ffcb77b0110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1384] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory2 00007ffcb77cc650 5 bytes JMP 00007ffcb77b0148 .text C:\Users\Kacper\Downloads\npizlbk3.exe[6472] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072821003 2 bytes [82, 72] .text C:\Users\Kacper\Downloads\npizlbk3.exe[6472] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072821016 2 bytes [82, 72] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7032] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6000] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6748] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4984] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8116] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7752] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffcbc0c002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffc96912730] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffcbc0c006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3684] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffcbc56002c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [552:676] fffff960008242d0 Thread C:\Windows\system32\csrss.exe [552:5640] fffff960008242d0 Thread C:\Windows\system32\svchost.exe [976:1344] 00007ffcb32b7240 Thread C:\Windows\system32\svchost.exe [976:1700] 00007ffcb17f4ee0 Thread C:\Windows\system32\svchost.exe [976:3940] 00007ffcaf571050 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:3152] 0000000069b269b0 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:1512] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:840] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:3708] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:2764] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:1864] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:4652] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:7772] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:7908] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:3452] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:4592] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:4916] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:5560] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:1408] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [1548:6996] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:8060] 0000000069b269b0 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:7088] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:1644] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:7244] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:1556] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:7632] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:6564] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:6568] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:4548] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:5572] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:6552] 0000000067625c00 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:7492] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:2420] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:7616] 00000000774a4930 Thread C:\Users\Kacper\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe [7592:1772] 00000000774a4930 ---- Services - GMER 2.2 ---- Service system32\drivers\ndistpr64.sys (*** hidden *** ) [BOOT] drmkpro64 <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ?????m???????????e??????????Ap???????????\???????????\?????E???F?????F???m???E????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xB9 0xAB 0x8E 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x29 0x19 0x34 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xB9 0xAB 0x8E 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x29 0x19 0x34 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 101 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD02DC0_00_07DA_79+SAM0428HMAQ702203_1B_07D8_3B^06D92265A6FC548A1B0D4FB421D10565@Timestamp 0x11 0x8D 0x96 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD02DC0_00_07DA_79^43DE932A75FD237B0BDE555D6E837849@Timestamp 0xB5 0x0F 0xF6 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 676 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{87E94EDF-D18A-4E2F-85BF-4DD655A4DE90}\Connection@Name Reusable ISATAP Interface {87E94EDF-D18A-4E2F-85BF-4DD655A4DE90} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Kacper\Downloads\OTL.exe??\??\C:\Users\Kacper\Downloads\OTL.exe?? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900100 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1458468799 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 106 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 507451418 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 11994 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 8c647222-5986-4cf8-b3fd-0b0c785 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{E1505BB9-43DE-4C0D-8361-24A2AAD208C8}\0001@Attach.ToDesktop 0 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{E1505BB9-43DE-4C0D-8361-24A2AAD208C8}\0001@DefaultSettings.XResolution 1920 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{E1505BB9-43DE-4C0D-8361-24A2AAD208C8}\0001@DefaultSettings.YResolution 1080 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{E1505BB9-43DE-4C0D-8361-24A2AAD208C8}\0001@Attach.RelativeX 1366 Reg HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\UnitedVideo\CONTROL\VIDEO\{E1505BB9-43DE-4C0D-8361-24A2AAD208C8}\0001@Attach.RelativeY 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{9738bb5e-4caf-4068-907f-bc230a839bc8}@LastProbeTime 1497944676 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@ImagePath system32\drivers\ndistpr64.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@DisplayName drmkpro64 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64@Group System Reserved Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances@DefaultInstance drmkpro64 Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances\drmkpro64 Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances\drmkpro64 Instance@Altitude 45666 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64\Instances\drmkpro64 Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\drmkpro64 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{7B7990D2-5CBC-44F5-B41F-4429E0724266}@DefunctTimestamp 0x38 0xB6 0x48 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{87E94EDF-D18A-4E2F-85BF-4DD655A4DE90}@InterfaceName Reusable ISATAP Interface {87E94EDF-D18A-4E2F-85BF-4DD655A4DE90} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{87E94EDF-D18A-4E2F-85BF-4DD655A4DE90}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{A5CD0A84-D94E-46BB-B58F-0C1069D74186}@DefunctTimestamp 0x50 0xB6 0x48 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NIPAL@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 29736 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 21328 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 103 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@LeaseObtainedTime 1497937468 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@T1 1497980668 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@T2 1498013068 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11D4181F-F3A0-4059-AF10-928CF25A55C3}@LeaseTerminatesTime 1498023868 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@LeaseObtainedTime 1497938365 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@T1 1497939265 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@T2 1497939940 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B4D569-2270-4391-A8C4-7472B88F8375}@LeaseTerminatesTime 1497940165 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@LeaseObtainedTime 1497938366 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@T1 1497939266 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@T2 1497939941 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC84E770-0159-419F-A067-26F58AB61382}@LeaseTerminatesTime 1497940166 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore@Count 1335 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore@Blocked 1335 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore@Count 23 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore@Count 1335 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore@Blocked 1335 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore@Count 41 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 1831 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\iexplore@Count 8 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_RtWlan.exe_76cc1a13494fb988f1c3201cf77f8fa805e3f_5a448335_03ec3ef2 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x58 0x00 0x02 0x00 ... ---- EOF - GMER 2.2 ----