GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-20 15:46:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: m57g1hli.exe; Driver: C:\Users\Sayuri\AppData\Local\Temp\fxldapog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text 
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1796] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef9112460 5 bytes JMP 000007fefd7e02d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1848] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef91496b0 6 bytes JMP 000007fefd7e0298 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f1429 7 bytes JMP 00000001738312ad .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b223 5 bytes JMP 00000001738315be .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888f4 7 bytes JMP 0000000173831357 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388979 5 bytes JMP 00000001738316e0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388ccf 5 bytes JMP 0000000173831028 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773f1d1b 5 bytes JMP 00000001738311ef .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773f1dc9 5 bytes JMP 0000000173831023 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773f2aa4 5 bytes JMP 000000017383156e .text C:\Program Files 
(x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773f2d0a 5 bytes JMP 0000000173831294 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766e8a29 5 bytes JMP 0000000173831050 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000766f4572 5 bytes JMP 00000001738310d2 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000776de9a2 5 bytes JMP 00000001738315d7 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000776debdc 5 bytes JMP 00000001738311b8 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077565ea5 5 bytes JMP 0000000173831609 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3412] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077599d0b 5 bytes JMP 0000000173831249 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text 
C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef635dc88 5 bytes JMP 000007fff61500d8 .text C:\Windows\system32\Dwm.exe[3512] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef635de10 5 bytes JMP 000007fff6150110 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\ole32.dll!CoCreateInstance 
000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Program Files\Elantech\ETDCtrl.exe[3748] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text 
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3816] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 
bytes JMP 000007fffd7e0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef9112460 5 bytes JMP 000007fefd7e02d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3972] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef91496b0 6 bytes JMP 000007fefd7e0298 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text 
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3988] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Windows\system32\taskeng.exe[4008] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f1429 7 bytes JMP 00000001738312ad .text C:\Program 
Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b223 5 bytes JMP 00000001738315be .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888f4 7 bytes JMP 0000000173831357 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388979 5 bytes JMP 00000001738316e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388ccf 5 bytes JMP 0000000173831028 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773f1d1b 5 bytes JMP 00000001738311ef .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773f1dc9 5 bytes JMP 0000000173831023 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773f2aa4 5 bytes JMP 000000017383156e .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773f2d0a 5 bytes JMP 0000000173831294 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766e8a29 5 bytes JMP 0000000173831050 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000766f4572 5 bytes JMP 00000001738310d2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000776de9a2 5 bytes JMP 00000001738315d7 .text C:\Program Files 
(x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000776debdc 5 bytes JMP 00000001738311b8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077565ea5 5 bytes JMP 0000000173831609 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4072] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077599d0b 5 bytes JMP 0000000173831249 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] 
C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7e0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[5032] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7e0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7d00d8 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7d0148 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7d0180 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7d0110 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0b7490 11 bytes JMP 000007fffd7d0228 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff0cbf00 7 bytes JMP 000007fffd7d0260 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7d01f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[5048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7d01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] 
C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7d00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7d0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7d0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7d0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7d01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7d01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef635dc88 5 bytes JMP 000007fff63300d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4956] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef635de10 5 bytes JMP 000007fff6330110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 000007fffd7e01b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f1429 7 bytes JMP 00000001738312ad .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b223 5 bytes JMP 00000001738315be .text 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888f4 7 bytes JMP 0000000173831357 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388979 5 bytes JMP 00000001738316e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388ccf 5 bytes JMP 0000000173831028 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773f1d1b 5 bytes JMP 00000001738311ef .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773f1dc9 5 bytes JMP 0000000173831023 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773f2aa4 5 bytes JMP 000000017383156e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773f2d0a 5 bytes JMP 0000000173831294 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000776de9a2 5 bytes JMP 00000001738315d7 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000776debdc 5 bytes JMP 00000001738311b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766e8a29 5 bytes JMP 0000000173831050 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000766f4572 5 bytes JMP 00000001738310d2 .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[3372] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077565ea5 5 bytes JMP 0000000173831609 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077599d0b 5 bytes JMP 0000000173831249 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e91401 2 bytes JMP 000000010779a47c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e91419 2 bytes JMP 000000010779a494 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e91431 2 bytes JMP 000000010779a4ac .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e9144a 2 bytes JMP 0000000076f5fcc5 .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e914dd 2 bytes JMP 000000010779a558 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e914f5 2 bytes JMP 000000010779a570 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e9150d 2 bytes JMP 000000010779a588 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e91525 2 bytes JMP 000000010779a5a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e9153d 2 bytes JMP 000000010779a5b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e91555 2 bytes JMP 000000010779a5d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e9156d 2 bytes JMP 000000010779a5e8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e91585 2 bytes JMP 000000010779a600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e9159d 2 bytes JMP 000000010779a618 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e915b5 2 bytes JMP 000000010779a630 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e915cd 2 bytes JMP 000000015d37ce48 .text C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e916b2 2 bytes JMP 000000010779a72d .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e916bd 2 bytes JMP 000000010779a738 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007787efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000778a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000778b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000778b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000778da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7f3460 7 bytes JMP 000007fffd7e00d8 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd7f9940 6 bytes JMP 000007fffd7e0148 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd7f9fb0 5 bytes JMP 000007fffd7e0180 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd7fa150 5 bytes JMP 000007fffd7e0110 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdbb89e0 8 bytes JMP 000007fffd7e01f0 .text C:\Program Files\Elantech\ETDGesture.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbbbe40 8 bytes JMP 
000007fffd7e01b8 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772f1429 7 bytes JMP 00000001738312ad .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007730b223 5 bytes JMP 00000001738315be .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000773888f4 7 bytes JMP 0000000173831357 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077388979 5 bytes JMP 00000001738316e0 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077388ccf 5 bytes JMP 0000000173831028 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773f1d1b 5 bytes JMP 00000001738311ef .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773f1dc9 5 bytes JMP 0000000173831023 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773f2aa4 5 bytes JMP 000000017383156e .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773f2d0a 5 bytes JMP 0000000173831294 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000776de9a2 5 bytes JMP 00000001738315d7 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000776debdc 5 bytes JMP 00000001738311b8 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000766e8a29 5 bytes JMP 0000000173831050 .text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000766f4572 5 bytes JMP 00000001738310d2 .text 
C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077565ea5 5 bytes JMP 0000000173831609
.text C:\Users\Sayuri\Desktop\gm\m57g1hli.exe[1956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077599d0b 5 bytes JMP 0000000173831249

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2156:3232] 000007fefbcf2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2156:1640] 000007feecdfd618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2156:5720] 000007fef7d85124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2156:4584] 000007feecd99730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2156:4588] 000007feecdfd618

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

[Note, not part of the GMER output: "unknown MBR code" says only that the scanner did not recognise the boot code in the first sector of \Device\Harddisk0\DR0. OEM recovery and third-party boot loaders also replace the standard code, so this entry alone does not establish a bootkit. Checking the sector against a known-good copy, read while booted from trusted offline media, is what confirms or clears it.]

---- EOF - GMER 2.1 ----