GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-10 15:25:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e HGST rev.JA2O 698,64GB
Running: od9iw8qj.exe; Driver: C:\Users\Wonszyna\AppData\Local\Temp\pxloauoc.sys

---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\System32\win32k.sys!EngSetLastError + 608  fffff960000a2ec4 8 bytes [18, 0F, D0, 04, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable  fffff960000d1f00 7 bytes [40, A7, F3, FF, 01, B5, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff960000d1f08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1360]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory  000007fefa114da4 7 bytes JMP 000007fefa1000d8
.text  C:\Windows\system32\Dwm.exe[1536]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory1  000007fefa139af4 7 bytes JMP 000007fefa100110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2252]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Program Files\Elantech\ETDCtrl.exe[2552]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Windows\system32\PnkBstrA.exe[2900]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075ca1465 2 bytes [CA, 75]
.text  C:\Windows\system32\PnkBstrA.exe[2900]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ca14bb 2 bytes [CA, 75]
.text  ...  * 2
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2368]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe[3564]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000075db1f4e 7 bytes JMP 0000000074905150
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000075db5be5 7 bytes JMP 0000000074905790
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000075dc1441 7 bytes JMP 00000000749053a0
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  0000000075dcea75 7 bytes JMP 0000000074905140
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000075e588ec 7 bytes JMP 0000000074904770
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075e58971 5 bytes JMP 0000000074904950
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000075e58cc7 5 bytes JMP 0000000074904780
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075f91094 5 bytes JMP 0000000074904690
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075f91142 5 bytes JMP 00000000749045a0
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075f91bb2 5 bytes JMP 0000000074904960
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075f91d92 5 bytes JMP 0000000074904290
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  0000000075c3e9a2 5 bytes JMP 00000000749038b0
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  0000000075c3ebdc 5 bytes JMP 00000000749038c0
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  00000000777e8a29 5 bytes JMP 0000000074903770
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  00000000777f4572 5 bytes JMP 0000000074904220
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007780e567 5 bytes JMP 0000000074904280
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000778307d7 5 bytes JMP 00000000749035b0
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000077847a5c 5 bytes JMP 0000000074904200
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000760b5ea5 5 bytes JMP 0000000074903730
.text  C:\Users\Wonszyna\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[3900]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000760e9d0b 5 bytes JMP 00000000749036c0
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Windows\system32\igfxHK.exe[4060]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\Elantech\ETDCtrlHelper.exe[2788]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Windows\system32\igfxEM.exe[4056]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000075db1f4e 7 bytes JMP 0000000074905150
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000075db5be5 7 bytes JMP 0000000074905790
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000075dc1441 7 bytes JMP 00000000749053a0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  0000000075dcea75 7 bytes JMP 0000000074905140
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000075e588ec 7 bytes JMP 0000000074904770
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075e58971 5 bytes JMP 0000000074904950
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000075e58cc7 5 bytes JMP 0000000074904780
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075f91094 5 bytes JMP 0000000074904690
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075f91142 5 bytes JMP 00000000749045a0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075f91bb2 5 bytes JMP 0000000074904960
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075f91d92 5 bytes JMP 0000000074904290
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  0000000075c3e9a2 5 bytes JMP 00000000749038b0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  0000000075c3ebdc 5 bytes JMP 00000000749038c0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  00000000777e8a29 5 bytes JMP 0000000074903770
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  00000000777f4572 5 bytes JMP 0000000074904220
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007780e567 5 bytes JMP 0000000074904280
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000778307d7 5 bytes JMP 00000000749035b0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000077847a5c 5 bytes JMP 0000000074904200
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000760b5ea5 5 bytes JMP 0000000074903730
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000760e9d0b 5 bytes JMP 00000000749036c0
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3  00000000751b1003 2 bytes [1B, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2768]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22  00000000751b1016 2 bytes [1B, 75]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2532]  C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000075db87c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!RegSetValueExW  00000000779daf40 7 bytes JMP 000000006fff0228
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  00000000779e4a60 5 bytes JMP 000000006fff0180
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000077a02a00 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000077a0f010 5 bytes JMP 000000006fff0110
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000077a399f0 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000077a49510 5 bytes JMP 000000006fff0148
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000077a6a530 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefdb79ec0 7 bytes JMP 000007fefdb60148
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefdb7aea0 5 bytes JMP 000007fefdb60180
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefdb7b040 5 bytes JMP 000007fefdb60110
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007feffbd7490 11 bytes JMP 000007fefdb60228
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007feffbebf00 7 bytes JMP 000007fefdb60260
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007feff6189e0 8 bytes JMP 000007fefdb601f0
.text  C:\Windows\system32\wbem\unsecapp.exe[4240]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007feff61be40 8 bytes JMP 000007fefdb601b8
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000075db1f4e 7 bytes JMP 0000000074905150
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000075db5be5 7 bytes JMP 0000000074905790
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000075dc1441 7 bytes JMP 00000000749053a0
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  0000000075dcea75 7 bytes JMP 0000000074905140
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  0000000075e588ec 7 bytes JMP 0000000074904770
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075e58971 5 bytes JMP 0000000074904950
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000075e58cc7 5 bytes JMP 0000000074904780
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075f91094 5 bytes JMP 0000000074904690
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075f91142 5 bytes JMP 00000000749045a0
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075f91bb2 5 bytes JMP 0000000074904960
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075f91d92 5 bytes JMP 0000000074904290
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  0000000075c3e9a2 5 bytes JMP 00000000749038b0
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  0000000075c3ebdc 5 bytes JMP 00000000749038c0
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  00000000777e8a29 5 bytes JMP 0000000074903770
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  00000000777f4572 5 bytes JMP 0000000074904220
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  000000007780e567 5 bytes JMP 0000000074904280
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  00000000778307d7 5 bytes JMP 00000000749035b0
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000077847a5c 5 bytes JMP 0000000074904200
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  00000000760b5ea5 5 bytes JMP 0000000074903730
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  00000000760e9d0b 5 bytes JMP 00000000749036c0
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075ca1465 2 bytes [CA, 75]
.text  D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ca14bb 2 bytes [CA, 75]
.text  ...
* 2 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356] D:\l2\L2Classic.club\system\avcodec-52.dll!ff_flac_parse_streaminfo + 987 000000006ad80d2b 3 bytes [60, DB, E8] .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1f4e 7 bytes JMP 0000000074905150 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5be5 7 bytes JMP 0000000074905790 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1441 7 bytes JMP 00000000749053a0 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea75 7 bytes JMP 0000000074905140 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588ec 7 bytes JMP 0000000074904770 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58971 5 bytes JMP 0000000074904950 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58cc7 5 bytes JMP 0000000074904780 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f91094 5 bytes JMP 0000000074904690 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f91142 5 bytes JMP 00000000749045a0 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f91bb2 5 bytes JMP 0000000074904960 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f91d92 5 bytes JMP 0000000074904290 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] 
C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c3e9a2 5 bytes JMP 00000000749038b0 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c3ebdc 5 bytes JMP 00000000749038c0 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000777e8a29 5 bytes JMP 0000000074903770 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000777f4572 5 bytes JMP 0000000074904220 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007780e567 5 bytes JMP 0000000074904280 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000778307d7 5 bytes JMP 00000000749035b0 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077847a5c 5 bytes JMP 0000000074904200 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000760b5ea5 5 bytes JMP 0000000074903730 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000760e9d0b 5 bytes JMP 00000000749036c0 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ca1465 2 bytes [CA, 75] .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ca14bb 2 bytes [CA, 75] .text ... 
* 2 .text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[2584] D:\l2\L2Classic.club\system\avcodec-52.dll!ff_flac_parse_streaminfo + 987 000000006ad80d2b 3 bytes [60, DB, E8] .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1f4e 7 bytes JMP 0000000074905150 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5be5 7 bytes JMP 0000000074905790 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc1441 7 bytes JMP 00000000749053a0 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea75 7 bytes JMP 0000000074905140 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588ec 7 bytes JMP 0000000074904770 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58971 5 bytes JMP 0000000074904950 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58cc7 5 bytes JMP 0000000074904780 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f91094 5 bytes JMP 0000000074904690 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f91142 5 bytes JMP 00000000749045a0 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f91bb2 5 bytes JMP 0000000074904960 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f91d92 5 bytes JMP 0000000074904290 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075c3e9a2 5 bytes JMP 00000000749038b0 .text 
C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075c3ebdc 5 bytes JMP 00000000749038c0 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000777f4572 5 bytes JMP 0000000074904220 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007780e567 5 bytes JMP 0000000074904280 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000778307d7 5 bytes JMP 00000000749035b0 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077847a5c 5 bytes JMP 0000000074904200 .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000751b1003 2 bytes [1B, 75] .text C:\Users\Wonszyna\Downloads\od9iw8qj.exe[5096] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000751b1016 2 bytes [1B, 75] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14734213795082280@SetupOperations ???&?????????~??????LegacyDriver?3??????????????????????????????9}??@u????2??{???????????????b???????e??????4.??f???HID_Inst?.??? ???????|???????????U?:?????????? ?&???????????????????????????????????????????????0???????? ???????{?????{?????{?????????????? ????????????????????????e??? ???????{???????????{????????????????????????????????????5????????{????? ???????n?????{?????{?,????????V??????b????????????????????????????????t??????????????????????????????????g??????2??{????????h?????system32\DRIVERS\smb.sys??????V??{?????????e????@%SystemRoot%\system32\tcpipcfg.dll,-50005??????????????????s????????w??????p????????w???????????e???{?{?{?{?{?{?{?{?{????V??{?????????n????@%SystemRoot%\system32\tcpipcfg.dll,-50006?????????{?????{??????????????? 
???????{???????????A???????????????????e??@%SystemRoot%\servicing\TrustedInstaller.exe,-101????????r???????????????????z???????{????????????????????h????????m?????????t?u?y?t?s?t?u?u?x?s?s?x?y???????????7?d?d?e?f?d?e?f?d?g?f????N???????????D?????????????????????????t?????? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\240a641ef6e8 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14734213795082280@SetupOperations ?????e??????????????WUDFCoinstaller.dll??????????????????????????????????????d????N?????????????????mshdc.inf_amd64_neutral_a69a58a4286f0b22????{36fc9e60-c465-11cf-8056-444553540000}\0004??????????????????????????????????????????????????????8???????????8???????????????????????????z??????????????????????????? ???????8??????????????????????N????????T??????????????????????? ???????8???????8???????????8?????s?8?????????????????????w????Intel???????{9CEE304E-DC6C-11D2-B561-00A0C92E6848}??????ig7icd64.dll????ig7icd32.dll?????????????8??????????????????????????????@%systemroot%\system32\rascfg.dll,-32001????? ?k???????????????????0?????????????????????????????????????????????e??????????????????????????????????????????????????????\SystemRoot\system32\drivers\aswRdr2.sys?ys?? ???????????????????????????????????????????????????????????????????????j???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????%??????system3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\240a641ef6e8 (not active ControlSet) ---- EOF - GMER 2.2 ----
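The user-mode records above come in three shapes: an inline `JMP <target>`, a run of raw bytes that differ from the on-disk image (`[31, C0, C2, 04, 00, 90, 90, ...]`), and a diff at an offset into an export (`GetModuleInformation + 69`). What a triager wants from such a log is not the individual rows but two derived facts: which JMP targets are shared by otherwise unrelated processes (ts3client_win64.exe[3476] and unsecapp.exe[4240] both jump from KERNELBASE.dll!GetModuleHandleW to 000007fefdb600d8, and every 32-bit process, GMER's own od9iw8qj.exe[5096] included, jumps to the same 0x7490xxxx addresses), and what the raw-byte patches actually encode. The Python below is an added example, not GMER output and not GMER's code: it parses a handful of lines copied from this log, groups hooks by target, and decodes the AvastUI.exe patch, whose first five bytes `31 C0 C2 04 00` are x86 `xor eax,eax ; ret 4`, i.e. SetUnhandledExceptionFilter replaced by a stub that returns 0. The regular expression, the record field names and the triage labels are this example's own assumptions; the heuristic that one target reused across many processes points to a single hooking library mapped at the same base everywhere, rather than per-process patching, is the example's reasoning and not a GMER verdict.

```python
"""Triage helper for GMER 2.2 'User code sections' records (added example, not GMER's code)."""
import re
from collections import defaultdict

# Constructed sample: five records copied from the GMER log above, covering the
# three shapes GMER prints: 'JMP <target>', raw '[bytes]', and 'symbol + offset'.
SAMPLE_LOG = r"""
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000779daf40 7 bytes JMP 000000006fff0228
.text C:\Windows\system32\wbem\unsecapp.exe[4240] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdb740b0 7 bytes JMP 000007fefdb600d8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2532] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075db87c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text D:\l2\L2Classic.club\system\AwesomiumProcess.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ca1465 2 bytes [CA, 75]
"""

# Field layout of one GMER user-mode hook line (regex is this example's assumption).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"        # hooked process image and PID
    r"(?P<module>.+?)!(?P<symbol>\w+)"                   # module path and patched export
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"                   # optional byte offset into the export
    r"(?P<addr>[0-9a-f]{16})\s+(?P<size>\d+)\s+bytes\s+"  # patched address and patch length
    r"(?:JMP\s+(?P<target>[0-9a-f]{16})|\[(?P<raw>[^\]]*)\])\s*$"
)


def parse_hooks(text):
    """Parse hook lines into dicts; lines that are not hook records are skipped."""
    records = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["size"] = int(rec["size"])
        rec["offset"] = int(rec["offset"]) if rec["offset"] else 0
        rec["addr"] = int(rec["addr"], 16)
        rec["target"] = int(rec["target"], 16) if rec["target"] else None
        raw = rec.pop("raw")
        # GMER truncates long byte dumps with '...'; keep the bytes it did print.
        rec["patch"] = None if raw is None else [
            int(b, 16) for b in raw.split(",") if b.strip() != "..."
        ]
        rec["truncated"] = raw is not None and "..." in raw
        records.append(rec)
    return records


def shared_targets(records, min_images=2):
    """Map each JMP target to the set of process images that jump to it.

    A target address reused from several unrelated processes means one hooking
    library is mapped at the same base in all of them (the example's heuristic)."""
    by_target = defaultdict(set)
    for r in records:
        if r["target"] is not None:
            by_target[r["target"]].add(r["image"])
    return {t: imgs for t, imgs in by_target.items() if len(imgs) >= min_images}


def describe_patch(rec):
    """Label a raw-bytes record. 31 C0 C2 04 00 is x86 'xor eax,eax ; ret 4':
    the export is replaced by a stub that returns 0 (the AvastUI.exe case)."""
    p = rec["patch"]
    if p is None:
        return "jmp"
    if p[:5] == [0x31, 0xC0, 0xC2, 0x04, 0x00]:
        return "stub-return-0"
    if rec["offset"] and rec["size"] <= 2:
        return "partial-patch-needs-review"  # two bytes mid-function: inspect by hand
    return "unknown-patch"


def triage(text):
    """Summarise a log excerpt: hook count, processes, shared targets, decoded patches."""
    recs = parse_hooks(text)
    return {
        "hooks": len(recs),
        "processes": sorted({(r["image"], r["pid"]) for r in recs}),
        "shared_targets": {f"{t:016x}": sorted(i) for t, i in shared_targets(recs).items()},
        "patches": [(r["symbol"], describe_patch(r)) for r in recs if r["patch"] is not None],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

To run it over the full log, pass the file contents instead of `SAMPLE_LOG`; the kernel-section and registry lines do not match the hook pattern and are ignored, so only the `.text <image>[pid] ...` records are counted.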