GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-03-03 19:42:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000080 HGST rev.JB0O 931,51GB Running: etgkgxf9.exe; Driver: C:\Users\Dawid\AppData\Local\Temp\awddikob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!EngSetLastError + 616 fffff96000115658 8 bytes {JMP 0xfffffffff88004cf} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000144d00 7 bytes [00, 89, F3, FF, C1, 98, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000144d08 3 bytes [C0, 06, 02] .text ... * 107 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 488 fffff9600020cc3c 6 bytes {JMP QWORD [RIP-0xc358a]} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1660] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef78a2460 5 bytes JMP 000007fefd1802d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1920] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef78d96b0 6 bytes JMP 000007fefd180298 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Windows\system32\taskeng.exe[3852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef78a2460 5 bytes JMP 000007fefd1802d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2540] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef78d96b0 6 bytes JMP 000007fefd180298 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1548] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef71fdc88 5 bytes JMP 000007fff71d00d8 .text C:\Windows\system32\Dwm.exe[3988] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef71fde10 5 bytes JMP 000007fff71d0110 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074f61efe 7 bytes JMP 000000016f2a3c50 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074f65b9d 7 bytes JMP 000000016f2a4290 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074f713f9 7 bytes JMP 000000016f2a3ea0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074f7ea45 7 bytes JMP 000000016f2a3c40 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075008ea4 7 bytes JMP 000000016f2a36c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075008f29 5 bytes JMP 000000016f2a3770 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075009281 5 bytes JMP 000000016f2a36d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075dc1d29 5 bytes JMP 000000016f2a3680 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075dc1dd7 5 bytes JMP 000000016f2a3640 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075dc2ab1 5 bytes JMP 000000016f2a3780 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075dc2d1d 5 bytes JMP 000000016f2a3480 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075458a29 5 bytes JMP 000000016f2a2b20 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075464572 5 bytes JMP 000000016f2a3400 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007547e567 5 bytes JMP 000000016f2a3470 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754a07d7 5 bytes JMP 000000016f2a2960 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754b7a5c 5 bytes JMP 000000016f2a33e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000752de96b 5 bytes JMP 000000016f2a2c60 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000752deba5 5 bytes JMP 000000016f2a2c70 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f4a1003 2 bytes [4A, 6F] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f4a1016 2 bytes [4A, 6F] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a75ea5 5 bytes JMP 000000016f2a2ae0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[4164] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076aa9d0b 5 bytes JMP 000000016f2a2a70 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Windows\system32\igfxEM.exe[4592] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Windows\system32\igfxHK.exe[4732] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd110180 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1100d8 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd110110 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [F7, FF] .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd110148 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1101f0 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1101b8 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd110228 .text C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe[4740] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd110260 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074f61efe 7 bytes JMP 000000016f2a3c50 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074f65b9d 7 bytes JMP 000000016f2a4290 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074f713f9 7 bytes JMP 000000016f2a3ea0 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074f7ea45 7 bytes JMP 000000016f2a3c40 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075008ea4 7 bytes JMP 000000016f2a36c0 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075008f29 5 bytes JMP 000000016f2a3770 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075009281 5 bytes JMP 000000016f2a36d0 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075dc1d29 5 bytes JMP 000000016f2a3680 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075dc1dd7 5 bytes JMP 000000016f2a3640 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075dc2ab1 5 bytes JMP 000000016f2a3780 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075dc2d1d 5 bytes JMP 000000016f2a3480 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000075458a29 5 bytes JMP 000000016f2a2b20 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075464572 5 bytes JMP 000000016f2a3400 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007547e567 5 bytes JMP 000000016f2a3470 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 00000000754a07d7 5 bytes JMP 000000016f2a2960 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 00000000754b7a5c 5 bytes JMP 000000016f2a33e0 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000752de96b 5 bytes JMP 000000016f2a2c60 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000752deba5 5 bytes JMP 000000016f2a2c70 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a75ea5 5 bytes JMP 000000016f2a2ae0 .text D:\Program Files\Programy\Unified Remote 3\RemoteServerWin.exe[4956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076aa9d0b 5 bytes JMP 000000016f2a2a70 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074f61efe 7 bytes JMP 000000016f2a3c50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074f65b9d 7 bytes JMP 000000016f2a4290 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074f713f9 7 bytes JMP 000000016f2a3ea0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074f7ea45 7 bytes JMP 000000016f2a3c40 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075008ea4 7 bytes JMP 000000016f2a36c0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075008f29 5 bytes JMP 000000016f2a3770 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075009281 5 bytes JMP 000000016f2a36d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075dc1d29 5 bytes JMP 000000016f2a3680 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075dc1dd7 5 bytes JMP 000000016f2a3640 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075dc2ab1 5 bytes JMP 000000016f2a3780 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075dc2d1d 5 bytes JMP 000000016f2a3480 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075464572 5 bytes JMP 000000016f2a3400 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000754651dd 7 bytes JMP 000000011003b3d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 000000007546610b 7 bytes JMP 000000011003b780 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 000000007546c6c1 7 bytes JMP 000000011003b340 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007547e567 5 bytes JMP 000000016f2a3470 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754a07d7 5 bytes JMP 000000016f2a2960 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 00000000754afc98 7 bytes JMP 000000011003b6d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 00000000754afcd1 7 bytes JMP 000000011003b570 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 00000000754afcf5 7 bytes JMP 000000011003b680 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754b7a5c 5 bytes JMP 000000016f2a33e0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000752de96b 5 bytes JMP 000000016f2a2c60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000752deba5 5 bytes JMP 000000016f2a2c70 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes JMP 74f8b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes JMP 74f8b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes JMP 75008f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes CALL 74f6489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes JMP 75008822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes JMP 750089f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes JMP 75008718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes JMP 75008ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes JMP 74f7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes JMP 74f868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes JMP 75008fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes JMP 75008b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes JMP 750086dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes JMP 74f7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes JMP 74f8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes JMP 75008ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[5080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes JMP 75008671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe[4208] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[4200] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074f61efe 7 bytes JMP 000000016f2a3c50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074f65b9d 7 bytes JMP 000000016f2a4290 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074f713f9 7 bytes JMP 000000016f2a3ea0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074f7ea45 7 bytes JMP 000000016f2a3c40 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075008ea4 7 bytes JMP 000000016f2a36c0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075008f29 5 bytes JMP 000000016f2a3770 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075009281 5 bytes JMP 000000016f2a36d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075dc1d29 5 bytes JMP 000000016f2a3680 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075dc1dd7 5 bytes JMP 000000016f2a3640 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075dc2ab1 5 bytes JMP 000000016f2a3780 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075dc2d1d 5 bytes JMP 000000016f2a3480 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075458a29 5 bytes JMP 000000016f2a2b20 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075464572 5 bytes JMP 000000016f2a3400 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007547e567 5 bytes JMP 000000016f2a3470 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754a07d7 5 bytes JMP 000000016f2a2960 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754b7a5c 5 bytes JMP 000000016f2a33e0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000752de96b 5 bytes JMP 000000016f2a2c60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000752deba5 5 bytes JMP 000000016f2a2c70 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a75ea5 5 bytes JMP 000000016f2a2ae0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4932] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076aa9d0b 5 bytes JMP 000000016f2a2a70 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074f61efe 7 bytes JMP 000000016f2a3c50 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074f65b9d 7 bytes JMP 000000016f2a4290 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074f68781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074f713f9 7 bytes JMP 000000016f2a3ea0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074f7ea45 7 bytes JMP 000000016f2a3c40 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075008ea4 7 bytes JMP 000000016f2a36c0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075008f29 5 bytes JMP 000000016f2a3770 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075009281 5 bytes JMP 000000016f2a36d0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075dc1d29 5 bytes JMP 000000016f2a3680 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075dc1dd7 5 bytes JMP 000000016f2a3640 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075dc2ab1 5 bytes JMP 000000016f2a3780 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075dc2d1d 5 bytes JMP 000000016f2a3480 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075458a29 5 bytes JMP 000000016f2a2b20 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075464572 5 bytes JMP 000000016f2a3400 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007547e567 5 bytes JMP 000000016f2a3470 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754a07d7 5 bytes JMP 000000016f2a2960 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754b7a5c 5 bytes JMP 000000016f2a33e0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000752de96b 5 bytes JMP 000000016f2a2c60 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000752deba5 5 bytes JMP 000000016f2a2c70 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a75ea5 5 bytes JMP 000000016f2a2ae0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4616] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076aa9d0b 5 bytes JMP 000000016f2a2a70 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd180180 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1800d8 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd180110 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [FE, FF] .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd180148 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff317490 11 bytes JMP 000007fffd180228 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff32bf00 7 bytes JMP 000007fffd180260 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1801f0 .text C:\Windows\system32\wbem\unsecapp.exe[5820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1801b8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076e31401 2 bytes JMP 74f8b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076e31419 2 bytes JMP 74f8b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076e31431 2 bytes JMP 75008f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076e3144a 2 bytes CALL 74f6489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076e314dd 2 bytes JMP 75008822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076e314f5 2 bytes JMP 750089f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076e3150d 2 bytes JMP 75008718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076e31525 2 bytes JMP 75008ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076e3153d 2 bytes JMP 74f7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076e31555 2 bytes JMP 74f868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076e3156d 2 bytes JMP 75008fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076e31585 2 bytes JMP 75008b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076e3159d 2 bytes JMP 750086dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076e315b5 2 bytes JMP 74f7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076e315cd 2 bytes JMP 74f8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076e316b2 2 bytes JMP 75008ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076e316bd 2 bytes JMP 75008671 C:\Windows\syswow64\kernel32.dll .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007710a3e0 7 bytes JMP 000000016fff0228 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077113f00 5 bytes JMP 000000016fff0180 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007712ffd0 5 bytes JMP 000000016fff01b8 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007713f350 5 bytes JMP 000000016fff0110 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077169aa0 7 bytes JMP 000000016fff00d8 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077179530 5 bytes JMP 000000016fff0148 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077198850 7 bytes JMP 000000016fff01f0 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd192db0 5 bytes JMP 000007fffd110180 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd1937d0 7 bytes JMP 000007fffd1100d8 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd19a410 2 bytes JMP 000007fffd110110 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd19a413 2 bytes [F7, FF] .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd19aec0 6 bytes JMP 000007fffd110148 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd1101f0 .text C:\Users\Dawid\Downloads\FRST64.exe[4348] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd1101b8 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074f61efe 7 bytes JMP 000000016f2a3c50 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074f65b9d 7 bytes JMP 000000016f2a4290 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074f713f9 7 bytes JMP 000000016f2a3ea0 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074f7ea45 7 bytes JMP 000000016f2a3c40 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075008ea4 7 bytes JMP 000000016f2a36c0 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075008f29 5 bytes JMP 000000016f2a3770 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075009281 5 bytes JMP 000000016f2a36d0 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075dc1d29 5 bytes JMP 000000016f2a3680 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075dc1dd7 5 bytes JMP 000000016f2a3640 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075dc2ab1 5 bytes JMP 000000016f2a3780 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075dc2d1d 5 bytes JMP 000000016f2a3480 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000752de96b 5 bytes JMP 000000016f2a2c60 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000752deba5 5 bytes JMP 000000016f2a2c70 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075464572 5 bytes JMP 000000016f2a3400 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007547e567 5 bytes JMP 000000016f2a3470 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754a07d7 5 bytes JMP 000000016f2a2960 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754b7a5c 5 bytes JMP 000000016f2a33e0 .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006f4a1003 2 bytes [4A, 6F] .text C:\Users\Dawid\Downloads\etgkgxf9.exe[7596] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006f4a1016 2 bytes [4A, 6F] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [5020:3672] 000007fede509688 ---- Processes - GMER 2.1 ---- Library C:\Users\Dawid\AppData\Local\EnfiladesSignificantly\EntombDibbuk.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [4560](2015-11-17 22:30:40) 0000000010000000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b46d8321a137 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b46d8321a137@30a8db7c1940 0x02 0xF9 0xF6 0x53 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b46d8321a137 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b46d8321a137@30a8db7c1940 0x02 0xF9 0xF6 0x53 ... ---- EOF - GMER 2.1 ----