GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-12 21:18:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.300i 111,79GB Running: zfz5rlzf.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgtdapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1304] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d41401 2 bytes JMP 769db21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d41419 2 bytes JMP 769db346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d41431 2 bytes JMP 76a58ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d4144a 2 bytes CALL 769b48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d414dd 2 bytes JMP 76a587a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d414f5 2 bytes JMP 76a58978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d4150d 2 bytes JMP 76a58698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d41525 2 bytes JMP 76a58a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d4153d 2 bytes JMP 769cfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d41555 2 bytes JMP 769d68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d4156d 2 bytes JMP 76a58f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d41585 2 bytes JMP 76a58ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d4159d 2 bytes JMP 76a5865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d415b5 2 bytes JMP 769cfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d415cd 2 bytes JMP 769db2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d416b2 2 bytes JMP 76a58e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d416bd 2 bytes JMP 76a585f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d41401 2 bytes JMP 769db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d41419 2 bytes JMP 769db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d41431 2 bytes JMP 76a58ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d4144a 2 bytes CALL 769b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d414dd 2 bytes JMP 76a587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d414f5 2 bytes JMP 76a58978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d4150d 2 bytes JMP 76a58698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d41525 2 bytes JMP 76a58a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d4153d 2 bytes JMP 769cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d41555 2 bytes JMP 769d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d4156d 2 bytes JMP 76a58f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d41585 2 bytes JMP 76a58ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d4159d 2 bytes JMP 76a5865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d415b5 2 bytes JMP 769cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d415cd 2 bytes JMP 769db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d416b2 2 bytes JMP 76a58e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d416bd 2 bytes JMP 76a585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d41401 2 bytes JMP 769db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d41419 2 bytes JMP 769db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d41431 2 bytes JMP 76a58ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d4144a 2 bytes CALL 769b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d414dd 2 bytes JMP 76a587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d414f5 2 bytes JMP 76a58978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d4150d 2 bytes JMP 76a58698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d41525 2 bytes JMP 76a58a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d4153d 2 bytes JMP 769cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d41555 2 bytes JMP 769d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d4156d 2 bytes JMP 76a58f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d41585 2 bytes JMP 76a58ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d4159d 2 bytes JMP 76a5865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d415b5 2 bytes JMP 769cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d415cd 2 bytes JMP 769db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d416b2 2 bytes JMP 76a58e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d416bd 2 bytes JMP 76a585f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef4ecdc88 5 bytes JMP 000007fff4ea00d8 .text C:\Windows\system32\Dwm.exe[4156] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef4ecde10 5 bytes JMP 000007fff4ea0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4408] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\WINDOWS\System32\igfxpers.exe[4504] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4708] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7092460 5 bytes JMP 000007fefd1002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4740] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef70c96b0 6 bytes JMP 000007fefd100298 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4768] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\Dell\QuickSet\quickset.exe[4912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe[4964] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5008] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d41401 2 bytes JMP 769db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d41419 2 bytes JMP 769db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d41431 2 bytes JMP 76a58ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d4144a 2 bytes CALL 769b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d414dd 2 bytes JMP 76a587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d414f5 2 bytes JMP 76a58978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d4150d 2 bytes JMP 76a58698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d41525 2 bytes JMP 76a58a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d4153d 2 bytes JMP 769cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d41555 2 bytes JMP 769d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d4156d 2 bytes JMP 76a58f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d41585 2 bytes JMP 76a58ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d4159d 2 bytes JMP 76a5865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d415b5 2 bytes JMP 769cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d415cd 2 bytes JMP 769db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d416b2 2 bytes JMP 76a58e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d416bd 2 bytes JMP 76a585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d41401 2 bytes JMP 769db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d41419 2 bytes JMP 769db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d41431 2 bytes JMP 76a58ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d4144a 2 bytes CALL 769b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d414dd 2 bytes JMP 76a587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d414f5 2 bytes JMP 76a58978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d4150d 2 bytes JMP 76a58698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d41525 2 bytes JMP 76a58a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d4153d 2 bytes JMP 769cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d41555 2 bytes JMP 769d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d4156d 2 bytes JMP 76a58f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d41585 2 bytes JMP 76a58ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d4159d 2 bytes JMP 76a5865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d415b5 2 bytes JMP 769cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d415cd 2 bytes JMP 769db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d416b2 2 bytes JMP 76a58e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d416bd 2 bytes JMP 76a585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5508] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[5704] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076d41401 2 bytes JMP 769db21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076d41419 2 bytes JMP 769db346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076d41431 2 bytes JMP 76a58ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076d4144a 2 bytes CALL 769b48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076d414dd 2 bytes JMP 76a587a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076d414f5 2 bytes JMP 76a58978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076d4150d 2 bytes JMP 76a58698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076d41525 2 bytes JMP 76a58a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076d4153d 2 bytes JMP 769cfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076d41555 2 bytes JMP 769d68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076d4156d 2 bytes JMP 76a58f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076d41585 2 bytes JMP 76a58ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076d4159d 2 bytes JMP 76a5865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076d415b5 2 bytes JMP 769cfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076d415cd 2 bytes JMP 769db2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076d416b2 2 bytes JMP 76a58e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[5716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076d416bd 2 bytes JMP 76a585f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefee97490 11 bytes JMP 000007fffd100228 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefeeabf00 7 bytes JMP 000007fffd100260 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Windows\system32\wbem\unsecapp.exe[5740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760e5ea5 5 bytes JMP 00000001699d2c10 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076119d0b 3 bytes JMP 00000001699d2ba0 .text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[5932] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 4 0000000076119d0f 1 byte [F3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076f2a400 7 bytes JMP 000000016fff0228 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076f33f20 5 bytes JMP 000000016fff0180 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076f4ffb0 5 bytes JMP 000000016fff01b8 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076f5f2e0 5 bytes JMP 000000016fff0110 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076f89a30 7 bytes JMP 000000016fff00d8 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076f994c0 5 bytes JMP 000000016fff0148 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076fb87e0 7 bytes JMP 000000016fff01f0 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd112db0 5 bytes JMP 000007fffd100180 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1137d0 7 bytes JMP 000007fffd1000d8 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd118ef0 6 bytes JMP 000007fffd100148 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd12af60 5 bytes JMP 000007fffd100110 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd1c89f0 8 bytes JMP 000007fffd1001f0 .text D:\Moje dokumenty\Malware_02.2015\FRST64.exe[3652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd1cbe50 8 bytes JMP 000007fffd1001b8 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000769b1f0e 7 bytes JMP 00000001699d3d10 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000769b5bad 7 bytes JMP 00000001699d46b0 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769c1409 7 bytes JMP 00000001699d4050 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000769cea45 7 bytes JMP 00000001699d3d00 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a58e24 7 bytes JMP 00000001699d37c0 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a58ea9 5 bytes JMP 00000001699d3870 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a591ff 5 bytes JMP 00000001699d37d0 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d01d29 5 bytes JMP 00000001699d3780 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d01dd7 5 bytes JMP 00000001699d3740 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d02ab1 5 bytes JMP 00000001699d3880 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d02d17 5 bytes JMP 00000001699d3560 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000751ee96b 5 bytes JMP 00000001699d2d70 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000751eeba5 5 bytes JMP 00000001699d2d80 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075268a29 5 bytes JMP 00000001699d2c50 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075274572 5 bytes JMP 00000001699d34e0 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007528e567 5 bytes JMP 00000001699d3550 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000752b07d7 5 bytes JMP 00000001699d2a60 .text D:\Moje dokumenty\Malware_02.2015\zfz5rlzf.exe[5752] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752c7a5c 5 bytes JMP 00000001699d34d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c80935ab2ec Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c80935ab2ec@68764fa69d40 0xB1 0x06 0x1A 0x0F ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c80935ab2ec (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c80935ab2ec@68764fa69d40 0xB1 0x06 0x1A 0x0F ... ---- Files - GMER 2.1 ---- File C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Sprzedaż_03.2014_uwagi_JS.txt.lnk 0 bytes File C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\suits.s03e16.720p.hdtv.x264-killers.mkv.lnk 0 bytes File C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Z-7.6_Zestawienie badań pdf.lnk 0 bytes ---- EOF - GMER 2.1 ----