GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-26 17:09:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB
Running: e9pso6rw.exe; Driver: C:\Users\Damian\AppData\Local\Temp\kfldqfob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033f7000 45 bytes [00, 00, 51, 02, 54, 68, 72, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033f702f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076a88791 4 bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe[1388] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TightVNC\tvnserver.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files\NVIDIA 
Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[3776] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe[1980] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Windows\system32\taskeng.exe[2164] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Windows\system32\taskeng.exe[2164] 
C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[868] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[868] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[868] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[868] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe[868] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe[3408] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe[3408] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe[3408] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe[3408] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe[3408] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ASUS 
Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe[1256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program 
Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Windows\system32\taskeng.exe[2208] 
C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Windows\system32\taskeng.exe[2208] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 
0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 
C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text 
C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[1032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] 
C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3380] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[4124] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4184] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 
0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4200] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Windows\system32\Dwm.exe[4252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Windows\system32\Dwm.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Windows\system32\Dwm.exe[4252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Windows\system32\Dwm.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Windows\system32\Dwm.exe[4252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Windows\system32\Dwm.exe[4252] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Windows\System32\igfxpers.exe[4400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] 
C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 
000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4456] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] 
C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4472] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 
000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4492] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files 
(x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4512] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET Endpoint 
Antivirus\egui.exe[4696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd797490 11 bytes JMP 000007fffd0c0228 .text C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe[4696] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7abf00 7 bytes JMP 000007fffd0c0260 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4744] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4744] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4744] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4744] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4744] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text 
C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Users\Damian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4808] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files 
(x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006ec211a8 2 bytes [C2, 6E] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006ec2127d 2 bytes CALL 76a814b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 000000006ec21310 2 bytes CALL 76a814b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006ec213a8 2 bytes [C2, 6E] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006ec21422 2 bytes [C2, 6E] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4852] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006ec21498 2 bytes [C2, 6E] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[5048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 
0000000174af1ce0 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe[3496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[4296] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files 
(x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4356] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 
bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[4768] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 
0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\TightVNC\tvnserver.exe[4644] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 
17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 
0000000174af1e80 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [6648] entry point in ".rdata" section 0000000062ef71e6 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe[6860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 
0000000174af1c70 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes 
JMP 0000000174af1ce0 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[4020] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 
0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows 
Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Windows Live\Mail\wlmail.exe[164968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [164968] entry point in ".rdata" section 0000000062ef71e6 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075ca1341 5 bytes JMP 00000001106e37a0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075ca1361 5 bytes JMP 00000001106e3730 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 0000000174af1ce0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 0000000174af1c70 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[184676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 
0000000174af1a90 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 0000000076cc1401 2 bytes JMP 76aab21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 0000000076cc1419 2 bytes JMP 76aab346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 0000000076cc1431 2 bytes JMP 76b28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 0000000076cc144a 2 bytes CALL 76a848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 0000000076cc14dd 2 bytes JMP 76b287a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 0000000076cc14f5 2 bytes JMP 76b28978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 0000000076cc150d 2 bytes JMP 76b28698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 0000000076cc1525 2 bytes JMP 76b28a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 0000000076cc153d 2 bytes JMP 76a9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 0000000076cc1555 2 bytes JMP 76aa68ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 0000000076cc156d 2 bytes JMP 76b28f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] 
C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 0000000076cc1585 2 bytes JMP 76b28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 0000000076cc159d 2 bytes JMP 76b2865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 0000000076cc15b5 2 bytes JMP 76a9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 0000000076cc15cd 2 bytes JMP 76aab2dc C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000076cc16b2 2 bytes JMP 76b28e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Damian\Desktop\OTL.exe[244060] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 0000000076cc16bd 2 bytes JMP 76b285f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 
000007fffd0c00d8 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Windows\system32\notepad.exe[243792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076e0f2e0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e39a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e494c0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076e49630 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e687e0 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0d2db0 5 bytes JMP 000007fffd0c0180 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0d37d0 7 bytes JMP 000007fffd0c00d8 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0d8ef0 6 bytes JMP 000007fffd0c0148 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0eaf60 5 bytes JMP 000007fffd0c0110 .text C:\Windows\system32\NOTEPAD.EXE[245260] 
C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefef989f0 8 bytes JMP 000007fffd0c01f0 .text C:\Windows\system32\NOTEPAD.EXE[245260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefef9be50 8 bytes JMP 000007fffd0c01b8 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076a91409 7 bytes JMP 0000000174af1e90 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076aab21b 5 bytes JMP 0000000174af1da0 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b28e24 7 bytes JMP 0000000174af1d90 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b28ea9 5 bytes JMP 0000000174af1e80 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b291ff 5 bytes JMP 0000000174af1e10 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076131d29 5 bytes JMP 0000000174af2490 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076131dd7 5 bytes JMP 0000000174af24f0 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076132ab1 5 bytes JMP 0000000174af2560 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076132d17 5 bytes JMP 0000000174af26b0 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dce96b 5 bytes JMP 0000000174af1a00 .text C:\Users\Damian\Downloads\e9pso6rw.exe[246580] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dceba5 5 bytes JMP 0000000174af1a90 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Windows 
Live\Contacts\wlcomm.exe [165248:165256] 0000000077222e65 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [165248:165316] 0000000064588f48 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [165248:241304] 0000000077223e85 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [165248:241328] 0000000077223e85 Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [165248:241632] 0000000077223e85 ---- Processes - GMER 2.1 ---- Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (Python Core/Python Software Foundation)(2014-11-20 22:18:02) 000000001e000000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:58) 000000001e8c0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 000000001e7a0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:56) 0000000000590000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:59) 0000000000280000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 0000000010000000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:56) 000000001e800000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\_hashlib.pyd (*** suspicious ***) @ C:\Program Files 
(x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 0000000002010000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:56) 0000000002e20000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (wxWidgets for MSW/wxWidgets development team)(2014-11-20 22:18:03) 0000000002f50000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (wxWidgets for MSW/wxWidgets development team)(2014-11-20 22:18:03) 00000000002f0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (wxWidgets for MSW/wxWidgets development team)(2014-11-20 22:18:03) 0000000003140000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (wxWidgets for MSW/wxWidgets development team)(2014-11-20 22:18:03) 00000000035e0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 0000000003f20000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 0000000003ff0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (wxWidgets for MSW/wxWidgets development team)(2014-11-20 22:18:05) 0000000002550000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._controls_.pyd (*** suspicious ***) @ C:\Program 
Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 00000000042e0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:52) 00000000043f0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:58) 000000001d100000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 00000000020d0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:58) 00000000040c0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:58) 000000001d1a0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:59) 000000001ea10000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 000000001ec80000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:02) 00000000025f0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:58) 000000001ea40000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 
000000001e9b0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 000000001eaa0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:52) 000000001e980000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 0000000005520000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648] (wxWidgets for MSW/wxWidgets development team)(2014-11-20 22:18:05) 0000000005670000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:02) 0000000005690000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:52) 000000001ebf0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 00000000056a0000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:52) 0000000005750000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 000000001eb90000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:01) 000000001eb60000 
Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 0000000005790000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:18:00) 000000001ec20000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:56) 000000001ed40000 Library C:\Users\Damian\AppData\Local\Temp\_MEI48082\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [6648](2014-11-20 22:17:53) 0000000005840000 Library C:\Users\Damian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [4020](2014-11-13 06:49:58) 0000000003ee0000 Library c:\users\damian\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphk45he.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [4020](2014-11-20 22:24:25) 00000000042c0000 Library C:\Users\Damian\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [4020](2013-08-23 19:01:44) 000000005e760000 Library C:\Users\Damian\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [4020] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000005ddd0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68fad461 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68fad461 (not active ControlSet) ---- 
Files - GMER 2.1 ---- File C:\Users\Damian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VEYJQ9U\wbk3753.tmp 1654 bytes ---- EOF - GMER 2.1 ----