GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-12-18 19:15:20 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000006a ST1000LM rev.LVD3 931,51GB Running: 94yv18g0.exe; Driver: C:\Users\WhyNot\AppData\Local\Temp\ugdiqpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd450260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd450228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd440148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd440180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd440110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd440260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd440228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4401b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7a12458 5 bytes JMP 000007fefd4402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2032] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef7a53384 6 bytes JMP 000007fefd440298 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6164980 7 bytes JMP 000007fff61500d8 .text C:\Windows\system32\Dwm.exe[1172] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6189af4 7 bytes JMP 000007fff6150110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd450260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd450228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd450260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd450228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2868] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1284] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a359e3 5 bytes JMP 0000000172f53a00 .text C:\Windows\SysWOW64\UMonit64.exe[2920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075a757fc 5 bytes JMP 0000000172f53990 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd450260 .text C:\Windows\System32\igfxpers.exe[5712] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd450228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd450260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd450228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefed3b92c 7 bytes JMP 000007fffd450260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefed587a0 11 bytes JMP 000007fffd450228 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a359e3 5 bytes JMP 0000000172f53a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075a757fc 5 bytes JMP 0000000172f53990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7567eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7568b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75708609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75661dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75707efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 757080d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75707df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 757081c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7567f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 7568b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 757086c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75708222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75707db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7567f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7568b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75708584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75707d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a359e3 5 bytes JMP 0000000172f53a00 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075a757fc 5 bytes JMP 0000000172f53990 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7567eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7568b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75708609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75661dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75707efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 757080d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75707df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 757081c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7567f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 7568b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 757086c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75708222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75707db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7567f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7568b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75708584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75707d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007734cac0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!RegQueryValueExW 000000007735feb0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077372af0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007737f8d0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773a9bb0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773b9530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773da2b0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4400d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd440148 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd440180 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd440110 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4401f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4401b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd469610 7 bytes JMP 000007fffd4500d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46a330 7 bytes JMP 000007fffd450148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd46b260 5 bytes JMP 000007fffd450180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd47a720 5 bytes JMP 000007fffd450110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1616] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefead83e0 8 bytes JMP 000007fffd4501f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1616] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeadbef0 8 bytes JMP 000007fffd4501b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a359e3 5 bytes JMP 0000000172f53a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4996] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075a757fc 5 bytes JMP 0000000172f53990 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7567eb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7568b513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75708609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75661dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75707efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 757080d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75707df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 757081c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7567f088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 7568b885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 757086c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75708222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75707db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7567f121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7568b29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75708584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75707d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000071ba11a8 2 bytes [BA, 71] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000071ba127d 2 bytes CALL 756614dd C:\Windows\syswow64\kernel32.dll .text ... * 6 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000071ba13a8 2 bytes [BA, 71] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000071ba1422 2 bytes [BA, 71] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[6072] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000071ba1498 2 bytes [BA, 71] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075a359e3 5 bytes JMP 0000000172f53a00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075a757fc 5 bytes JMP 0000000172f53990 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7567eb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7568b513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75708609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75661dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75707efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 757080d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75707df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 757081c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7567f088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 7568b885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 757086c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75708222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75707db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7567f121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7568b29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75708584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75707d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075662182 7 bytes JMP 0000000172f54b10 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 000000007566c74f 7 bytes JMP 0000000172f554b0 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007567ddba 7 bytes JMP 0000000172f54b00 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 000000007567f18b 7 bytes JMP 0000000172f54e50 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075708584 7 bytes JMP 0000000172f545c0 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075708609 5 bytes JMP 0000000172f54670 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007570895f 5 bytes JMP 0000000172f545d0 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e61094 5 bytes JMP 0000000172f54580 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e61142 5 bytes JMP 0000000172f54540 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e61bb2 5 bytes JMP 0000000172f54680 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e61d92 5 bytes JMP 0000000172f54360 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c6e84e 5 bytes JMP 0000000172f53b80 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c6e86e 5 bytes JMP 0000000172f53b60 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838b9a 5 bytes JMP 0000000172f53a40 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844c48 5 bytes JMP 0000000172f542e0 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075846bdc 5 bytes JMP 0000000172f54350 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 000000007588092e 5 bytes JMP 0000000172f53850 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897bec 5 bytes JMP 0000000172f542d0 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075761401 2 bytes JMP 7567eb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075761419 2 bytes JMP 7568b513 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075761431 2 bytes JMP 75708609 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007576144a 2 bytes CALL 75661dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757614dd 2 bytes JMP 75707efe C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757614f5 2 bytes JMP 757080d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007576150d 2 bytes JMP 75707df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075761525 2 bytes JMP 757081c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007576153d 2 bytes JMP 7567f088 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075761555 2 bytes JMP 7568b885 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007576156d 2 bytes JMP 757086c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075761585 2 bytes JMP 75708222 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007576159d 2 bytes JMP 75707db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757615b5 2 bytes JMP 7567f121 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757615cd 2 bytes JMP 7568b29f C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757616b2 2 bytes JMP 75708584 C:\Windows\syswow64\kernel32.dll .text C:\Users\WhyNot\Downloads\94yv18g0.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757616bd 2 bytes JMP 75707d4d C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library C:\Users\WhyNot\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [3248] (Application Ontology library/NVIDIA Corporation)(2014-12-17 15:32:50) 0000000071cb0000 Library C:\Users\WhyNot\AppData\Local\Microsoft\Windows Sidebar\Gadgets\MonitorSystemu.Gadget\binaries\MonitorSystemu.Utils.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4324](2014-12-07 20:34:58) 0000000073be0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00c2c62ca9a6 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00c2c62ca9a6 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----