GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-26 20:18:01 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB Running: zevn7ev5.exe; Driver: C:\Users\MarcinK\AppData\Local\Temp\pxldypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1604] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756f8769 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075461401 2 bytes JMP 7571b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075461419 2 bytes JMP 7571b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075461431 2 bytes JMP 75798f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007546144a 2 bytes CALL 756f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754614dd 2 bytes JMP 75798832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes JMP 75798a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007546150d 2 bytes JMP 75798728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes JMP 75798af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007546153d 2 bytes JMP 7570fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075461555 2 bytes JMP 757168df C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007546156d 2 bytes JMP 75798ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075461585 2 bytes JMP 75798b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007546159d 2 bytes JMP 757986ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754615b5 2 bytes JMP 7570fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754615cd 2 bytes JMP 7571b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes JMP 75798eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1780] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes JMP 75798681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071b117fa 2 bytes CALL 756f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071b11860 2 bytes CALL 756f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071b11942 2 bytes JMP 760b7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071b1194d 2 bytes JMP 760bcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes JMP 7571b20b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes JMP 7571b336 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes JMP 75798f39 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes CALL 756f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes JMP 75798832 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes JMP 75798a08 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes JMP 75798728 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes JMP 75798af2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes JMP 7570fc98 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes JMP 757168df C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes JMP 75798ff1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes JMP 75798b52 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes JMP 757986ec C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes JMP 7570fd31 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes JMP 7571b2cc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes JMP 75798eb4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes JMP 75798681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 000000010127f4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761a5ea5 5 bytes JMP 0000000171352850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761d9d0b 5 bytes JMP 00000001713527e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3928] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef844dc88 5 bytes JMP 000007fff84200d8 .text C:\Windows\system32\Dwm.exe[4968] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef844de10 5 bytes JMP 000007fff8420110 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files (x86)\SCM\SCM.exe[4488] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files\Elantech\ETDCtrl.exe[2924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4332] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3c0180 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3c00d8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3c0110 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FD, FF] .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3c0148 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef4ab2460 4 bytes JMP 000007fefd3c02d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef4ae96b0 6 bytes JMP 000007fefd3c0298 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3c01f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3c01b8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3c0228 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[1376] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3c0260 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[756] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000756f3efc 13 bytes JMP 00000001605e2c50 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075488e4e 5 bytes JMP 00000001605e2ac0 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075490dfb 5 bytes JMP 00000001605e2920 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!SetFocus 0000000075492175 5 bytes JMP 00000001605e2a00 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000075493208 5 bytes JMP 00000001605e2b90 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075497b3b 13 bytes JMP 00000001605e26c0 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000754af170 13 bytes JMP 00000001605e2600 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000754c90fc 13 bytes JMP 00000001605e2780 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 00000000754e7d97 5 bytes JMP 00000001605e2840 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\ole32.dll!DoDragDrop 000000007629a93f 13 bytes JMP 00000001605e2540 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes JMP 7571b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes JMP 7571b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes JMP 75798f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes CALL 756f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes JMP 75798832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes JMP 75798a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes JMP 75798728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes JMP 75798af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes JMP 7570fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes JMP 757168df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes JMP 75798ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes JMP 75798b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes JMP 757986ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes JMP 7570fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes JMP 7571b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes JMP 75798eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[4232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes JMP 75798681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3348] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000171353560 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761a5ea5 5 bytes JMP 0000000171352850 .text C:\Users\MarcinK\AppData\Local\GG\Application\gghub.exe[492] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761d9d0b 5 bytes JMP 00000001713527e0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4040] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077106c80 5 bytes JMP 000000016fff02d0 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000000007710a5b4 5 bytes JMP 000000016fff0298 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000077110810 7 bytes JMP 000000016fff0308 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000000007711ccec 9 bytes JMP 000000016fff0260 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 0000000077150700 5 bytes JMP 000000016fff0340 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Windows\system32\igfxHK.exe[4264] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000171353560 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761a5ea5 5 bytes JMP 0000000171352850 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5352] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761d9d0b 5 bytes JMP 00000001713527e0 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000171353560 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761a5ea5 5 bytes JMP 0000000171352850 .text C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[5404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761d9d0b 5 bytes JMP 00000001713527e0 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Windows\system32\igfxEM.exe[5588] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes JMP 7571b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes JMP 7571b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes JMP 75798f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes CALL 756f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes JMP 75798832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes JMP 75798a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes JMP 75798728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes JMP 75798af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes JMP 7570fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes JMP 757168df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes JMP 75798ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes JMP 75798b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes JMP 757986ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes JMP 7570fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes JMP 7571b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes JMP 75798eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes JMP 75798681 C:\Windows\syswow64\kernel32.dll .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000171353560 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761a5ea5 5 bytes JMP 0000000171352850 .text C:\Users\MarcinK\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2936] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000761d9d0b 5 bytes JMP 00000001713527e0 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Windows\system32\taskeng.exe[6340] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef4ab2460 4 bytes JMP 000007fefd3d02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7328] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef4ae96b0 6 bytes JMP 000007fefd3d0298 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Program[6652] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Program[6652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3c0180 .text C:\Program[6652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3c00d8 .text C:\Program[6652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3c0110 .text C:\Program[6652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FD, FF] .text C:\Program[6652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3c0148 .text C:\Program[6652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3c01f0 .text C:\Program[6652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3c01b8 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Windows\system32\notepad.exe[6164] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Windows\system32\notepad.exe[7856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077279510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077298830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ea410 2 bytes JMP 000007fffd3d0110 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ea413 2 bytes [FE, FF] .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3eaec0 6 bytes JMP 000007fffd3d0148 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd5789d0 8 bytes JMP 000007fffd3d01f0 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd57be40 8 bytes JMP 000007fffd3d01b8 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6274a0 11 bytes JMP 000007fffd3d0228 .text C:\Windows\system32\notepad.exe[2308] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd63bf10 7 bytes JMP 000007fffd3d0260 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000171353560 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075461401 2 bytes JMP 7571b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075461419 2 bytes JMP 7571b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075461431 2 bytes JMP 75798f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007546144a 2 bytes CALL 756f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754614dd 2 bytes JMP 75798832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754614f5 2 bytes JMP 75798a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007546150d 2 bytes JMP 75798728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075461525 2 bytes JMP 75798af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007546153d 2 bytes JMP 7570fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075461555 2 bytes JMP 757168df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007546156d 2 bytes JMP 75798ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075461585 2 bytes JMP 75798b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007546159d 2 bytes JMP 757986ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754615b5 2 bytes JMP 7570fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754615cd 2 bytes JMP 7571b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754616b2 2 bytes JMP 75798eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ManyCam\ManyCam.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754616bd 2 bytes JMP 75798681 C:\Windows\syswow64\kernel32.dll .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000756f1eee 7 bytes JMP 0000000171353910 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000756f5b85 7 bytes JMP 0000000171353f90 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757013e1 7 bytes JMP 0000000171353ba0 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007570ea35 7 bytes JMP 0000000171353900 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075798eb4 7 bytes JMP 00000001713534a0 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075798f39 5 bytes JMP 0000000171353550 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007579928f 5 bytes JMP 00000001713534b0 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000751d1d29 5 bytes JMP 0000000171353460 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000751d1dd7 5 bytes JMP 0000000171353420 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000751d2ab1 5 bytes JMP 0000000171353560 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000751d2d1d 5 bytes JMP 0000000171353250 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fad2b4 5 bytes JMP 0000000171352970 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075fad4ee 5 bytes JMP 0000000171352980 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075488a29 5 bytes JMP 0000000171352890 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075494572 5 bytes JMP 00000001713531d0 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000754ae567 5 bytes JMP 0000000171353240 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754d07d7 5 bytes JMP 0000000171352710 .text C:\Users\MarcinK\Desktop\snap\zevn7ev5.exe[8960] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754e7a5c 5 bytes JMP 00000001713531c0 ---- Processes - GMER 2.1 ---- Library C:\Users\MarcinK\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [5028] (GG drive menu/GG Network S.A.) 000000005ff80000 Library C:\Users\MarcinK\Desktop\snap\FRST64.exe (*** suspicious ***) @ C:\Users\MarcinK\Desktop\snap\FRST64.exe [6652] 000000013f5e0000 Library C:\Users\MarcinK\AppData\Local\Temp\ManyCam.wB4612 (*** suspicious ***) @ C:\Program Files (x86)\ManyCam\ManyCam.exe [4612](2015-09-26 17 00000000590e0000 Library C:\Users\MarcinK\AppData\Local\Temp\ManyCam.wx4612 (*** suspicious ***) @ C:\Program Files (x86)\ManyCam\ManyCam.exe [4612](2015-09-26 17 00000000590a0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a0886975ea1c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a0886975ea1c@d4206d051dc6 0xDE 0xE9 0xF2 0x7D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a0886975ea1c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a0886975ea1c@d4206d051dc6 0xDE 0xE9 0xF2 0x7D ... ---- Files - GMER 2.1 ---- File C:\Users\MarcinK\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000be 53962 bytes File C:\Users\MarcinK\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0009f0 59092 bytes File C:\Users\MarcinK\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000823 22632 bytes File C:\Users\MarcinK\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040a 22976 bytes ---- EOF - GMER 2.1 ----