GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-01 23:57:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 PLEXTOR_ rev.1.02 119,24GB Running: p25cbmji.exe; Driver: C:\Users\TOMEK\AppData\Local\Temp\ugloipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe[2336] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe[2336] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2800] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2800] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Windows\system32\taskeng.exe[3568] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef61fdc88 5 bytes JMP 000007fff5ff00d8 .text C:\Windows\system32\Dwm.exe[3644] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef61fde10 5 bytes JMP 000007fff5ff0110 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075c448fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075c44913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075c44945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe[4480] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa2aa38c 5 bytes JMP 000007fefd7002b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa2c4b60 5 bytes JMP 000007fefd700238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa2c4ba0 5 bytes JMP 000007fefd7001b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4492] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa2aa38c 5 bytes JMP 000007fefd7002b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa2c4b60 5 bytes JMP 000007fefd700238 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa2c4ba0 5 bytes JMP 000007fefd7001b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4504] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa2aa38c 5 bytes JMP 000007fefd7002b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa2c4b60 5 bytes JMP 000007fefd700238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa2c4ba0 5 bytes JMP 000007fefd7001b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4796] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Windows\System32\igfxpers.exe[4296] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa2aa38c 5 bytes JMP 000007fefd7002b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa2c4b60 5 bytes JMP 000007fefd700238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4804] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa2c4ba0 5 bytes JMP 000007fefd7001b8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000075c448fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000075c44913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000075c44945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[5212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[5264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075c448fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075c44913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075c44945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe[5416] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075c448fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075c44913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075c44945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000759c5ea5 5 bytes JMP 000000016c333300 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5500] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000759f9d0b 5 bytes JMP 000000016c333290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169b70038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa2aa38c 5 bytes JMP 000007fefd7002b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa2c4b60 5 bytes JMP 000007fefd700238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5836] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa2c4ba0 5 bytes JMP 000007fefd7001b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8fb2460 5 bytes JMP 000007fefd7102d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5584] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef8fe96b0 6 bytes JMP 000007fefd710298 .text C:\Windows\SysWOW64\RunDll32.exe[6388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e51465 2 bytes [E5, 76] .text C:\Windows\SysWOW64\RunDll32.exe[6388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e514bb 2 bytes [E5, 76] .text ... * 2 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007748af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077494a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077496f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774b2990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774befe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774f94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007751a500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd723460 7 bytes JMP 000007fffd7100d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd729940 6 bytes JMP 000007fffd710148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd729fb0 5 bytes JMP 000007fffd710180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72a150 5 bytes JMP 000007fffd710110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd72bbb0 5 bytes JMP 000007fffd700038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda989e0 8 bytes JMP 000007fffd7101f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda9be40 8 bytes JMP 000007fffd7101b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff5b7490 11 bytes JMP 000007fffd710228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff5cbf00 7 bytes JMP 000007fffd710260 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa2aa38c 5 bytes JMP 000007fefd7002b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa2c4b60 5 bytes JMP 000007fefd700238 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[6676] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa2c4ba0 5 bytes JMP 000007fefd7001b8 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c41f2e 7 bytes JMP 000000016c333df0 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c45bcd 7 bytes JMP 000000016c334100 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c51429 7 bytes JMP 000000016c333f30 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c5ea5d 7 bytes JMP 000000016c333de0 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075ce88f4 7 bytes JMP 000000016c333b50 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075ce8979 5 bytes JMP 000000016c333c00 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075ce8ccf 5 bytes JMP 000000016c333b60 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076e71d1b 5 bytes JMP 000000016c333ae0 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076e71dc9 5 bytes JMP 000000016c333a90 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e72aa4 5 bytes JMP 000000016c333c10 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076e72d0a 5 bytes JMP 000000016c333870 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e9a2 5 bytes JMP 000000016c3333c0 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594ebdc 5 bytes JMP 000000016c3333d0 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075838a29 5 bytes JMP 000000016c333350 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075844572 5 bytes JMP 000000016c3337f0 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007585e567 5 bytes JMP 000000016c333860 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758807d7 5 bytes JMP 000000016c333280 .text C:\Users\TOMEK\Downloads\p25cbmji.exe[3712] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075897a5c 5 bytes JMP 000000016c3337e0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef7e7741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef7e75f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef7e75674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef7e75e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef7e77f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef7e76a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef7e76ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef7e77b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef7e77ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef7e778b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef7e74fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef7e75d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2680] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef7e77584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a41731b7b037 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a41731b7b037@d023db436085 0x30 0x73 0xA4 0x03 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a41731b7b037@48746e566eb1 0xD4 0xAE 0xCC 0xB4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a41731b7b037 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a41731b7b037@d023db436085 0x30 0x73 0xA4 0x03 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a41731b7b037@48746e566eb1 0xD4 0xAE 0xCC 0xB4 ... ---- EOF - GMER 2.1 ----