GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-07-02 13:15:02 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: ys2n23to.exe; Driver: C:\Users\Alex\AppData\Local\Temp\pxldrpoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8801118fc34 12 bytes {MOV RAX, 0xfffffa800a6372a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1636] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1184] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef82e4980 7 bytes JMP 000007fff82d00d8 .text C:\Windows\system32\Dwm.exe[1368] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8309af4 7 bytes JMP 000007fff82d0110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1960] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2120] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2128] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Windows\system32\taskeng.exe[2272] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2712] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2720] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[2752] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Windows\syswow64\svchost.exe[3180] C:\Windows\syswow64\user32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Windows\syswow64\svchost.exe[3180] C:\Windows\syswow64\user32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Windows\syswow64\svchost.exe[3180] C:\Windows\syswow64\user32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3272] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\USER32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076531401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076531419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076531431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007653144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765314dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765314f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007653150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076531525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007653153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076531555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007653156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076531585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007653159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765315b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765315cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765316b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765316bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\USER32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[5136] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb6b92c 7 bytes JMP 000007fffd260260 .text C:\Program Files\Elantech\ETDGesture.exe[5308] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdb887a0 11 bytes JMP 000007fffd260228 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\USER32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5344] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\USER32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5352] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5360] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6064] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076531401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076531419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076531431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007653144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765314dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765314f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007653150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076531525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007653153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076531555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007653156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076531585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007653159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765315b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765315cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765316b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765316bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076700e0d 5 bytes JMP 0000000171ab64a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\USER32.dll!SetCursor 0000000076704076 5 bytes JMP 0000000171ab64f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\USER32.dll!GetGestureInfo 00000000767388e2 5 bytes JMP 0000000171ab6210 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\user32.DLL!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076531401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076531419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000076531431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 000000007653144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000765314dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000765314f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 000000007653150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000076531525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 000000007653153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000076531555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 000000007653156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000076531585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 000000007653159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000765315b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000765315cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000765316b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Alex\Desktop\OTL.exe[3228] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000765316bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\notepad.exe[3956] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e6f8d0 5 bytes JMP 000000016fff0148 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e99bb0 7 bytes JMP 000000016fff00d8 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ea9530 5 bytes JMP 000000016fff0180 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076ea96a0 5 bytes JMP 000000016fff0110 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076eca2b0 7 bytes JMP 000000016fff01b8 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd279610 7 bytes JMP 000007fffd2600d8 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd27a330 7 bytes JMP 000007fffd260148 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b260 5 bytes JMP 000007fffd260180 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd28a720 5 bytes JMP 000007fffd260110 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5783e0 8 bytes JMP 000007fffd2601f0 .text C:\Windows\notepad.exe[3956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57bef0 8 bytes JMP 000007fffd2601b8 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075d3eb26 5 bytes JMP 00000001724815be .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075d3f18b 7 bytes JMP 00000001724812ad .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075dc8584 7 bytes JMP 0000000172481357 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075dc8609 5 bytes JMP 00000001724816e0 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075dc895f 5 bytes JMP 0000000172481028 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1094 5 bytes JMP 00000001724811ef .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1142 5 bytes JMP 0000000172481023 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df1bb2 5 bytes JMP 000000017248156e .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df1d92 5 bytes JMP 0000000172481294 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bae84e 5 bytes JMP 00000001724811b8 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bae86e 5 bytes JMP 00000001724815d7 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766f8b9a 5 bytes JMP 0000000172481050 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076704c48 5 bytes JMP 00000001724810d2 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec59e3 5 bytes JMP 0000000172481609 .text C:\Users\Alex\Desktop\ys2n23to.exe[4784] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f057fc 5 bytes JMP 0000000172481249 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800108ef1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800108ecc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800108f69c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800108fa98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800108f8f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80073182c0 Device \FileSystem\fastfat \Fat fffffa8006a512c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800a62e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{C2BDB342-21CE-4F10-8187-DC20D5355A01} fffffa800a31a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6928240F-8B6C-40F9-8015-73685254B386} fffffa800a31a2c0 Device \Driver\USBSTOR \Device\000000ae fffffa800b5212c0 Device \Driver\cdrom \Device\CdRom0 fffffa8009dc82c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800a62e2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800a62e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{E925F8E2-91BD-40CE-82A9-DBDD6CD797BF} fffffa800a31a2c0 Device \Driver\USBSTOR \Device\000000a2 fffffa800b5212c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800a31a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D4C56C54-C30E-4171-8CAC-85609040A606} fffffa800a31a2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800a62e2c0 Device \Driver\USBSTOR \Device\000000ad fffffa800b5212c0 Device \Driver\USBSTOR \Device\000000a3 fffffa800b5212c0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\syswow64\svchost.exe [3180:3376] 00000000002610e0 Thread C:\Windows\System32\svchost.exe [3332:5324] 000007feed109688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dc85de066766 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x80 0xAD 0xCA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dc85de066766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x80 0xAD 0xCA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x54 0x23 0x61 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0xB6 0x2C 0xBF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x20 0x0E 0xE2 0xF4 ... ---- EOF - GMER 2.1 ----