GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-07-02 23:05:39 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000007b ATA_____ rev.1A01 931,51GB Running: bx24ez4i.exe; Driver: C:\Users\Faral\AppData\Local\Temp\awddrkog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\services.exe[908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\lsass.exe[916] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\winlogon.exe[376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\System32\svchost.exe[180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Windows\system32\nvvsvc.exe[1472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8f64980 7 bytes JMP 000007fff8f500d8 .text C:\Windows\system32\Dwm.exe[1788] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8f89af4 7 bytes JMP 000007fff8f50110 .text C:\Windows\explorer.exe[1972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[1764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007648d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076641401 2 bytes JMP 7649eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076641419 2 bytes JMP 764ab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076641431 2 bytes JMP 76528609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007664144a 2 bytes CALL 76481dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766414dd 2 bytes JMP 76527efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766414f5 2 bytes JMP 765280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007664150d 2 bytes JMP 76527df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076641525 2 bytes JMP 765281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007664153d 2 bytes JMP 7649f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076641555 2 bytes JMP 764ab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007664156d 2 bytes JMP 765286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076641585 2 bytes JMP 76528222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007664159d 2 bytes JMP 76527db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766415b5 2 bytes JMP 7649f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766415cd 2 bytes JMP 764ab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766416b2 2 bytes JMP 76528584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766416bd 2 bytes JMP 76527d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[2264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef73e2458 5 bytes JMP 000007fefcf602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3156] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef7423384 6 bytes JMP 000007fefcf60298 .text C:\Windows\system32\conhost.exe[3164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\System32\rundll32.exe[3372] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\svchost.exe[3520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Windows\System32\igfxpers.exe[4328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ed59e3 5 bytes JMP 000000016e843300 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4504] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f157fc 5 bytes JMP 000000016e843290 .text C:\Windows\system32\SearchIndexer.exe[4576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Program Files\Elantech\ETDCtrl.exe[4772] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076641401 2 bytes JMP 7649eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076641419 2 bytes JMP 764ab513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076641431 2 bytes JMP 76528609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007664144a 2 bytes CALL 76481dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766414dd 2 bytes JMP 76527efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766414f5 2 bytes JMP 765280d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007664150d 2 bytes JMP 76527df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076641525 2 bytes JMP 765281c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007664153d 2 bytes JMP 7649f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076641555 2 bytes JMP 764ab885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007664156d 2 bytes JMP 765286c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076641585 2 bytes JMP 76528222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007664159d 2 bytes JMP 76527db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766415b5 2 bytes JMP 7649f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766415cd 2 bytes JMP 764ab29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766416b2 2 bytes JMP 76528584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Sidebar\sidebar.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766416bd 2 bytes JMP 76527d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4496] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ed59e3 5 bytes JMP 000000016e843300 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5004] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f157fc 5 bytes JMP 000000016e843290 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007648d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ed59e3 5 bytes JMP 000000016e843300 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f157fc 5 bytes JMP 000000016e843290 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4348] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ed59e3 5 bytes JMP 000000016e843300 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f157fc 5 bytes JMP 000000016e843290 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\system32\wbem\unsecapp.exe[5532] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ed59e3 5 bytes JMP 000000016e843300 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5844] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075f157fc 5 bytes JMP 000000016e843290 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5804] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd58b92c 7 bytes JMP 000007fffcf60260 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd5a87a0 11 bytes JMP 000007fffcf60228 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\system32\wuauclt.exe[700] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Users\Faral\Downloads\FRST64(1).exe[6500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\system32\notepad.exe[4520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\system32\notepad.exe[2384] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076d0cac0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d1feb0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d32af0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d3f8d0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d69bb0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d79530 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d9a2b0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf79610 7 bytes JMP 000007fffcf600d8 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf7a330 7 bytes JMP 000007fffcf60148 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf7b260 5 bytes JMP 000007fffcf60180 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcf8a720 5 bytes JMP 000007fffcf60110 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd4e83e0 8 bytes JMP 000007fffcf601f0 .text C:\Windows\system32\notepad.exe[6812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd4ebef0 8 bytes JMP 000007fffcf601b8 .text C:\Windows\system32\AUDIODG.EXE[4716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d5f1bd 1 byte [62] .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076482182 7 bytes JMP 000000016e843df0 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007648c74f 7 bytes JMP 000000016e844100 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007649ddba 7 bytes JMP 000000016e843de0 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007649f18b 7 bytes JMP 000000016e843f30 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000764ab0c5 1 byte [62] .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076528584 7 bytes JMP 000000016e843b50 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076528609 5 bytes JMP 000000016e843c00 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007652895f 5 bytes JMP 000000016e843b60 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076391094 5 bytes JMP 000000016e843ae0 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076391142 5 bytes JMP 000000016e843a90 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076391bb2 5 bytes JMP 000000016e843c10 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076391d92 5 bytes JMP 000000016e843870 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007640e84e 5 bytes JMP 000000016e8433d0 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007640e86e 5 bytes JMP 000000016e8433c0 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076298a29 5 bytes JMP 000000016e843350 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000762a4572 5 bytes JMP 000000016e8437f0 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762be567 5 bytes JMP 000000016e843860 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762e07d7 5 bytes JMP 000000016e843280 .text C:\Users\Faral\Downloads\bx24ez4i.exe[5944] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762f7a5c 5 bytes JMP 000000016e8437e0 ---- Processes - GMER 2.1 ---- Library C:\Users\Faral\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [4504] (Application Ontology library/NVIDIA Corporation)(2014-07-01 10:20:36) 000000005cb60000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\54271e0c7df2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\54271e0c7df2 (not active ControlSet) ---- EOF - GMER 2.1 ----