GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-19 19:45:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000075 HGST rev.JB0O 931,51GB Running: 0ysmdq89.exe; Driver: C:\Users\Mat\AppData\Local\Temp\uwdirpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef900dc88 5 bytes JMP 000007fff8fe00d8 .text C:\Windows\system32\Dwm.exe[1624] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef900de10 5 bytes JMP 000007fff8fe0110 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ae8791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076381401 2 bytes JMP 76b0b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076381419 2 bytes JMP 76b0b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076381431 2 bytes JMP 76b89061 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007638144a 2 bytes CALL 76ae48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000763814dd 2 bytes JMP 76b8895a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000763814f5 2 bytes JMP 76b88b30 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007638150d 2 bytes JMP 76b88850 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076381525 2 bytes JMP 76b88c1a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007638153d 2 bytes JMP 76affce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076381555 2 bytes JMP 76b06937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007638156d 2 bytes JMP 76b89119 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076381585 2 bytes JMP 76b88c7a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007638159d 2 bytes JMP 76b88814 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000763815b5 2 bytes JMP 76affd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000763815cd 2 bytes JMP 76b0b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000763816b2 2 bytes JMP 76b88fdc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[2184] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000763816bd 2 bytes JMP 76b887a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 00000001012ef4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b78a29 5 bytes JMP 0000000173e72b20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f05ea5 5 bytes JMP 0000000173e72ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f39d0b 5 bytes JMP 0000000173e72a70 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Program Files\Mat\ESET\ESET NOD32 Antivirus\egui.exe[2220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Program Files\Elantech\ETDCtrl.exe[2352] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[2376] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Program Files\Mat\Logitech MX518\SetPointP\SetPoint.exe[2496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2592] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 0000000173e73780 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b78a29 5 bytes JMP 0000000173e72b20 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f05ea5 5 bytes JMP 0000000173e72ae0 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f39d0b 5 bytes JMP 0000000173e72a70 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076381401 2 bytes JMP 76b0b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076381419 2 bytes JMP 76b0b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076381431 2 bytes JMP 76b89061 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007638144a 2 bytes CALL 76ae48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763814dd 2 bytes JMP 76b8895a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763814f5 2 bytes JMP 76b88b30 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007638150d 2 bytes JMP 76b88850 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076381525 2 bytes JMP 76b88c1a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007638153d 2 bytes JMP 76affce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076381555 2 bytes JMP 76b06937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007638156d 2 bytes JMP 76b89119 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076381585 2 bytes JMP 76b88c7a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007638159d 2 bytes JMP 76b88814 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763815b5 2 bytes JMP 76affd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763815cd 2 bytes JMP 76b0b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763816b2 2 bytes JMP 76b88fdc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Mat\uTorrent\utorrent.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763816bd 2 bytes JMP 76b887a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2756] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[3060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 0000000173e73780 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b78a29 5 bytes JMP 0000000173e72b20 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f05ea5 5 bytes JMP 0000000173e72ae0 .text C:\Program Files\Mat\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3120] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f39d0b 5 bytes JMP 0000000173e72a70 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 0000000173e73780 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b78a29 5 bytes JMP 0000000173e72b20 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f05ea5 5 bytes JMP 0000000173e72ae0 .text C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe[3232] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f39d0b 5 bytes JMP 0000000173e72a70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 0000000173e73780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b78a29 5 bytes JMP 0000000173e72b20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f05ea5 5 bytes JMP 0000000173e72ae0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3252] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f39d0b 5 bytes JMP 0000000173e72a70 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef0ff2460 5 bytes JMP 000007fefd2502d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3900] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef10296b0 6 bytes JMP 000007fefd250298 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Windows\system32\igfxEM.exe[4852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f10 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffc0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df3a0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209c30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772196c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238a60 1 byte JMP 000000016fff01f0 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077238a62 5 bytes {JMP 0xfffffffff8db7790} .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd2632e0 7 bytes JMP 000007fffd2500d8 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd26a8c0 6 bytes JMP 000007fffd250148 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd27b0d0 5 bytes JMP 000007fffd250180 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd27b270 5 bytes JMP 000007fffd250110 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeab89d0 8 bytes JMP 000007fffd2501f0 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeabbe40 8 bytes JMP 000007fffd2501b8 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff0374a0 11 bytes JMP 000007fffd250228 .text C:\Windows\system32\igfxHK.exe[4872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff04bf10 7 bytes JMP 000007fffd250260 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 0000000173e73780 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075b78a29 5 bytes JMP 0000000173e72b20 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f05ea5 5 bytes JMP 0000000173e72ae0 .text C:\Program Files\Mat\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f39d0b 5 bytes JMP 0000000173e72a70 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076ae1f0e 7 bytes JMP 0000000173e73c50 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076ae5bad 7 bytes JMP 0000000173e74290 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076af1431 7 bytes JMP 0000000173e73ea0 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076afea85 7 bytes JMP 0000000173e73c40 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076b88fdc 7 bytes JMP 0000000173e736c0 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076b89061 5 bytes JMP 0000000173e73770 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076b893b7 5 bytes JMP 0000000173e736d0 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d37 5 bytes JMP 0000000173e73680 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61de5 5 bytes JMP 0000000173e73640 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62abf 5 bytes JMP 0000000173e73780 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d1f 5 bytes JMP 0000000173e73480 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c5d2b4 5 bytes JMP 0000000173e72c60 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c5d4ee 5 bytes JMP 0000000173e72c70 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075b84572 5 bytes JMP 0000000173e73400 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075b9e567 5 bytes JMP 0000000173e73470 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075bc07d7 5 bytes JMP 0000000173e72960 .text C:\Users\Mat\Desktop\0ysmdq89.exe[3164] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075bd7a5c 5 bytes JMP 0000000173e733e0 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4932:5204] 000007fefb212ae8 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----