GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-26 10:45:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS545050A7E680 rev.GG2OAF10 465,76GB Running: ccsm30xb.exe; Driver: C:\Users\Szymon\AppData\Local\Temp\uxdiqpoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ea400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773f3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007740ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007741f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077449a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774594c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774787e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text 
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefb7490 11 bytes JMP 000007fefd700228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefcbf00 7 bytes JMP 000007fefd700260 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef99bdc88 5 bytes JMP 000007fef99900d8 .text C:\Windows\system32\Dwm.exe[1540] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef99bde10 5 bytes JMP 000007fef9990110 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] 
C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 
0000000072e92bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1612] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files 
(x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 
0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files 
(x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2312] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] 
C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000000c68c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] 
C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2296] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ea400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773f3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007740ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007741f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077449a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774594c0 5 bytes JMP 000000006fff0148 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774787e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefb7490 11 bytes JMP 000007fefd700228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1208] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefcbf00 7 bytes JMP 000007fefd700260 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] 
C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files 
(x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[1840] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] 
C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[2192] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\ASUS\ATK Package\ATK 
Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] 
C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[2680] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] 
C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\USER32.dll!CreateWindowExW 
0000000076cc8a29 5 bytes JMP 0000000072e92bc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000770f5ea5 5 bytes JMP 0000000072e92b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077129d0b 5 bytes JMP 0000000072e92b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3024] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72] .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ea400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxEM.exe[3408] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773f3f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007740ffb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007741f2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077449a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774594c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774787e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefb7490 11 bytes JMP 000007fefd700228 .text C:\Windows\system32\igfxEM.exe[3408] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefcbf00 7 bytes JMP 000007fefd700260 .text C:\Windows\system32\igfxHK.exe[3420] 
C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ea400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773f3f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007740ffb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007741f2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077449a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774594c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774787e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Windows\system32\igfxHK.exe[3420] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefefb7490 11 bytes JMP 000007fefd700228 .text C:\Windows\system32\igfxHK.exe[3420] 
C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefefcbf00 7 bytes JMP 000007fefd700260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ea400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773f3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007740ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007741f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077449a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774594c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774787e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] 
C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ea400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773f3f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007740ffb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007741f2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077449a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774594c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774787e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd712db0 5 bytes JMP 000007fefd700180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7137d0 7 bytes JMP 000007fefd7000d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] 
C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd718ef0 6 bytes JMP 000007fefd700148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd72af60 5 bytes JMP 000007fefd700110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefda389f0 8 bytes JMP 000007fefd7001f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefda3be50 8 bytes JMP 000007fefd7001b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007feec712460 5 bytes JMP 000007fefd7002d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007feec7496b0 6 bytes JMP 000007fefd700298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef99bdc88 5 bytes JMP 000007fef99900d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3784] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef99bde10 5 bytes JMP 000007fef9990110 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076fc1f0e 7 bytes JMP 0000000072e93cf0 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076fc5bad 7 bytes JMP 0000000072e94330 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fd1409 7 bytes JMP 0000000072e93f40 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076fdea45 7 bytes JMP 0000000072e93ce0 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] 
C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077068e24 7 bytes JMP 0000000072e93760 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077068ea9 5 bytes JMP 0000000072e93810 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770691ff 5 bytes JMP 0000000072e93770 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d29 5 bytes JMP 0000000072e93720 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dd7 5 bytes JMP 0000000072e936e0 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2ab1 5 bytes JMP 0000000072e93820 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d17 5 bytes JMP 0000000072e93520 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076dde96b 5 bytes JMP 0000000072e92d00 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076ddeba5 5 bytes JMP 0000000072e92d10 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076cd4572 5 bytes JMP 0000000072e934a0 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076cee567 5 bytes JMP 0000000072e93510 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000076d107d7 5 bytes JMP 0000000072e92a00 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076d27a5c 5 bytes JMP 0000000072e93480 .text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Program Files (x86)\NVIDIA 
Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072ec1003 2 bytes [EC, 72]
.text C:\Users\Szymon\Desktop\ccsm30xb.exe[4652] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072ec1016 2 bytes [EC, 72]

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\240a645993be
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\240a645993be (not active ControlSet)

---- EOF - GMER 2.2 ----