GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-19 22:11:42 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB Running: poydn6rw.exe; Driver: C:\Users\Lechu\AppData\Local\Temp\uwtdrpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000099300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000099310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[8092] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6632] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffe7092ead0 5 bytes JMP 00007ffe7b0b0570 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffe7095eb90 6 bytes JMP 00007ffe7b0b0538 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[7788] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4192] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Windows\system32\taskhostex.exe[4752] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2468] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Windows\System32\igfxpers.exe[6808] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1572] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6288] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1208] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe7bd6d050 7 bytes JMP 00007fff7b0b04c8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5720] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffe7bd9b170 5 bytes JMP 00007fff7b0b0500 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6796] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe7b723e10 7 bytes JMP 00007fff7b0b0260 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe7b723e20 7 bytes JMP 00007fff7b0b0298 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7b7d39b0 7 bytes JMP 00007fff7b0b0340 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe7b7d3ef0 7 bytes JMP 00007fff7b0b02d0 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffe7b7d3fe0 7 bytes JMP 00007fff7b0b0308 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7b8006c0 7 bytes JMP 00007fff7b0b01f0 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7b800730 7 bytes JMP 00007fff7b0b0228 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffe7b1121d0 5 bytes JMP 00007fff7b0b0180 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe7b1129d0 7 bytes JMP 00007fff7b0b00d8 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe7b114310 5 bytes JMP 00007fff7b0b0110 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe7b118d80 5 bytes JMP 00007fff7b0b0148 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffe7b18f0b0 5 bytes JMP 00007fff7b0b01b8 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffe7b8c6d90 1 byte JMP 00007fff7b0b0420 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffe7b8c6d92 8 bytes {JMP 0xffffffffff7e9690} .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffe7b8d74a0 5 bytes JMP 00007fff7b0b03e8 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffe7b8d7560 9 bytes JMP 00007fff7b0b0378 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffe7b8e6b10 5 bytes JMP 00007fff7b0b03b0 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe7c0f1500 8 bytes JMP 00007fff7b0b0458 .text C:\Windows\system32\wbem\unsecapp.exe[6592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe7c0f1750 8 bytes JMP 00007fff7b0b0490 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [896:7044] fffff960008e32d0 ---- Services - GMER 2.1 ---- Service System32\drivers\dtsoftbus01.sys (*** hidden *** ) [SYSTEM] dtsoftbus01 <-- ROOTKIT !!! Service C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe (*** hidden *** ) [AUTO] RzWizardService <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Diagnostics\Performance@ActiveShutdownDCL C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC54410_00_07DD_2E^13A3FAC6256CBC77EE4FEB47E6AF4B5A@Timestamp 0x1B 0xA2 0xB7 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{1DC632EB-FB0E-47E7-9CE0-A04576EDCAD9}\Connection@Name isatap.aurlandsdalen.com Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 423322851 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 2771 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 63205495 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeIoTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeMapTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 63204297 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 63204300 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 63204787 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 371 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberCompressRate 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0xDB 0xCB 0x58 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 982 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ac7ba10b7eb1 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Tag 89 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@ImagePath \SystemRoot\System32\drivers\dtsoftbus01.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@DisplayName @oem90.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Group SCSI Miniport Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Owners oem90.inf? Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@mask 0x25 0x63 0xE0 0x94 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@AdapterStatus 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@client 0x41 0x3B 0x13 0x40 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit0 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit0@data 0x87 0xC9 0x02 0xC0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit1 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit1@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit10 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit10@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit100 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit100@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit101 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit101@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit102 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit102@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit103 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit103@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit104 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit104@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit105 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit105@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit106 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit106@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit107 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit107@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit108 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit108@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit109 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit109@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit11 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit11@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit110 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit110@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit111 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit111@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit112 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit112@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit113 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit113@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit114 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit114@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit115 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit115@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit116 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit116@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit117 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit117@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit118 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit118@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit119 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit119@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit12 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit12@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit120 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit120@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit121 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit121@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit122 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit122@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit123 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit123@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit124 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit124@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit125 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit125@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit126 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit126@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit13 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit13@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit14 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit14@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit15 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit15@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit16 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit16@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit17 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit17@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit18 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit18@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit19 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit19@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit2 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit2@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit20 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit20@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit21 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit21@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit22 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit22@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit23 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit23@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit24 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit24@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit25 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit25@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit26 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit26@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit27 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit27@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit28 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit28@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit29 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit29@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit3 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit3@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit30 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit30@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit31 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit31@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit32 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit32@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit33 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit33@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit34 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit34@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit35 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit35@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit36 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit36@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit37 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit37@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit38 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit38@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit39 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit39@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit4 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit4@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit40 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit40@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit41 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit41@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit42 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit42@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit43 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit43@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit44 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit44@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit45 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit45@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit46 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit46@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit47 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit47@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit48 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit48@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit49 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit49@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit5 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit5@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit50 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit50@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit51 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit51@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit52 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit52@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit53 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit53@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit54 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit54@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit55 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit55@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit56 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit56@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit57 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit57@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit58 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit58@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit59 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit59@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit6 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit6@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit60 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit60@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit61 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit61@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit62 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit62@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit63 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit63@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit64 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit64@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit65 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit65@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit66 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit66@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit67 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit67@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit68 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit68@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit69 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit69@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit7 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit7@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit70 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit70@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit71 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit71@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit72 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit72@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit73 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit73@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit74 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit74@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit75 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit75@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit76 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit76@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit77 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit77@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit78 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit78@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit79 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit79@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit8 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit8@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit80 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit80@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit81 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit81@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit82 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit82@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit83 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit83@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit84 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit84@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit85 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit85@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit86 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit86@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit87 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit87@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit88 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit88@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit89 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit89@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit9 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit9@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit90 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit90@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit91 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit91@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit92 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit92@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit93 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit93@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit94 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit94@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit95 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit95@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit96 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit96@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit97 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit97@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit98 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit98@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit99 Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01\unit99@data 0x3D 0x3E 0xE9 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{1DC632EB-FB0E-47E7-9CE0-A04576EDCAD9}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{1DC632EB-FB0E-47E7-9CE0-A04576EDCAD9}@DefunctTimestamp 0xBC 0x96 0xFD 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-30-4f-67-75-65@AddressCreationTimestamp 0x01 0x39 0x0E 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@ImagePath C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@DisplayName Razer Wizard Service Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\RzWizardService Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 13455 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 9419 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1393 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6235EF4-00FE-4C1B-BC01-1E83334AA82E}@LeaseObtainedTime 1442687300 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6235EF4-00FE-4C1B-BC01-1E83334AA82E}@T1 1442730500 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6235EF4-00FE-4C1B-BC01-1E83334AA82E}@T2 1442752100 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6235EF4-00FE-4C1B-BC01-1E83334AA82E}@LeaseTerminatesTime 1442773700 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 ---- Files - GMER 2.1 ---- File C:\Windows\Temp\_avast_\ws1243BBD0.dat (size mismatch) 33545/0 bytes executable ---- EOF - GMER 2.1 ----