GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-01-28 14:53:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB Running: r7l7f1iv.exe; Driver: C:\Users\Rafaelo\AppData\Local\Temp\pgldapow.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!EngSetLastError + 608 fffff96000125b50 8 bytes [00, B5, 68, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000155900 7 bytes [40, 4C, F3, FF, 01, 56, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000155908 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1448] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef847dc88 5 bytes JMP 000007fef84500d8 .text C:\Windows\system32\Dwm.exe[1760] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef847de10 5 bytes JMP 000007fef8450110 .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 7490b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 7490b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74989149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 748e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74988a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74988c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74988938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74988d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 748ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74906907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74989201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74988d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 749888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 748ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 7490b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 749890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74988891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2152] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 7490b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 7490b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74989149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 748e4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74988a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74988c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74988938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74988d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 748ffcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74906907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74989201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74988d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 749888fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 748ffd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 7490b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 749890c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2160] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74988891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2180] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2272] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2308] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Windows\System32\igfxpers.exe[2500] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000748e1eee 7 bytes JMP 0000000072e2168b .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000748e5b85 7 bytes JMP 0000000072e211a4 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000748f1409 7 bytes JMP 0000000072e21280 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000748fea5d 7 bytes JMP 0000000072e2123a .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007490b233 5 bytes JMP 0000000072e215a0 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000749890c4 7 bytes JMP 0000000072e2132f .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074989149 5 bytes JMP 0000000072e216cc .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007498949f 5 bytes JMP 0000000072e21703 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075101e4c 5 bytes JMP 0000000072e211bd .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075101efa 5 bytes JMP 0000000072e21014 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075102bdc 5 bytes JMP 0000000072e2154b .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075102e7e 5 bytes JMP 0000000072e21267 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074bb8a29 5 bytes JMP 0000000072e2171c .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074bc5645 5 bytes JMP 0000000072e210a0 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074bdf61f 5 bytes JMP 0000000072e2140b .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c17af4 5 bytes JMP 0000000072e215c8 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766ce757 5 bytes JMP 0000000072e215b9 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766ce991 5 bytes JMP 0000000072e21181 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 7490b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 7490b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74989149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 748e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74988a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74988c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74988938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74988d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 748ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74906907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74989201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74988d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 749888fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 748ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 7490b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 749890c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74988891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e65e75 5 bytes JMP 0000000072e215f0 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e99cbb 5 bytes JMP 0000000072e21217 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000748e1eee 7 bytes JMP 0000000072e2168b .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000748e5b85 7 bytes JMP 0000000072e211a4 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000748f1409 7 bytes JMP 0000000072e21280 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000748fea5d 7 bytes JMP 0000000072e2123a .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007490b233 5 bytes JMP 0000000072e215a0 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000749890c4 7 bytes JMP 0000000072e2132f .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074989149 5 bytes JMP 0000000072e216cc .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007498949f 5 bytes JMP 0000000072e21703 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075101e4c 5 bytes JMP 0000000072e211bd .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075101efa 5 bytes JMP 0000000072e21014 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075102bdc 5 bytes JMP 0000000072e2154b .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075102e7e 5 bytes JMP 0000000072e21267 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074bb8a29 5 bytes JMP 0000000072e2171c .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074bc5645 5 bytes JMP 0000000072e210a0 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074bdf61f 5 bytes JMP 0000000072e2140b .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c17af4 5 bytes JMP 0000000072e215c8 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766ce757 5 bytes JMP 0000000072e215b9 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766ce991 5 bytes JMP 0000000072e21181 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 7490b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 7490b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74989149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 748e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74988a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74988c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74988938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74988d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 748ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74906907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74989201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74988d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 749888fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 748ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 7490b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 749890c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74988891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e65e75 5 bytes JMP 0000000072e215f0 .text C:\Users\Rafaelo\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e99cbb 5 bytes JMP 0000000072e21217 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076b2a3f0 7 bytes JMP 000000006fff0260 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076b33f00 5 bytes JMP 000000006fff01b8 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076b4ffd0 5 bytes JMP 000000006fff01f0 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076b5f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076b89c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076b99710 5 bytes JMP 000000006fff0180 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076b99880 5 bytes JMP 000000006fff0110 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076bb8ab0 7 bytes JMP 000000006fff0228 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe[2268] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2252] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000748e8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000748e1eee 7 bytes JMP 0000000072e2168b .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000748e5b85 7 bytes JMP 0000000072e211a4 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000748f1409 7 bytes JMP 0000000072e21280 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000748fea5d 7 bytes JMP 0000000072e2123a .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007490b233 5 bytes JMP 0000000072e215a0 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000749890c4 7 bytes JMP 0000000072e2132f .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074989149 5 bytes JMP 0000000072e216cc .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007498949f 5 bytes JMP 0000000072e21703 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075101e4c 5 bytes JMP 0000000072e211bd .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075101efa 5 bytes JMP 0000000072e21014 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075102bdc 5 bytes JMP 0000000072e2154b .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075102e7e 5 bytes JMP 0000000072e21267 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074bb8a29 5 bytes JMP 0000000072e2171c .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074bc5645 5 bytes JMP 0000000072e210a0 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074bdf61f 5 bytes JMP 0000000072e2140b .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c17af4 5 bytes JMP 0000000072e215c8 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766ce757 5 bytes JMP 0000000072e215b9 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766ce991 5 bytes JMP 0000000072e21181 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e65e75 5 bytes JMP 0000000072e215f0 .text C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe[2436] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e99cbb 5 bytes JMP 0000000072e21217 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000748e1eee 7 bytes JMP 0000000072e2168b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000748e5b85 7 bytes JMP 0000000072e211a4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000748f1409 7 bytes JMP 0000000072e21280 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000748fea5d 7 bytes JMP 0000000072e2123a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007490b233 5 bytes JMP 0000000072e215a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000749890c4 7 bytes JMP 0000000072e2132f .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074989149 5 bytes JMP 0000000072e216cc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007498949f 5 bytes JMP 0000000072e21703 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075101e4c 5 bytes JMP 0000000072e211bd .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075101efa 5 bytes JMP 0000000072e21014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075102bdc 5 bytes JMP 0000000072e2154b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075102e7e 5 bytes JMP 0000000072e21267 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e65e75 5 bytes JMP 0000000072e215f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e99cbb 5 bytes JMP 0000000072e21217 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766ce757 5 bytes JMP 0000000072e215b9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766ce991 5 bytes JMP 0000000072e21181 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074bb8a29 5 bytes JMP 0000000072e2171c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074bc5645 5 bytes JMP 0000000072e210a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074bdf61f 5 bytes JMP 0000000072e2140b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2384] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c17af4 5 bytes JMP 0000000072e215c8 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Windows\system32\taskeng.exe[3236] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe[4716] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000748e8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000764c1401 2 bytes JMP 7490b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000764c1419 2 bytes JMP 7490b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000764c1431 2 bytes JMP 74989149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000764c144a 2 bytes CALL 748e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000764c14dd 2 bytes JMP 74988a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000764c14f5 2 bytes JMP 74988c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000764c150d 2 bytes JMP 74988938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000764c1525 2 bytes JMP 74988d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000764c153d 2 bytes JMP 748ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000764c1555 2 bytes JMP 74906907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000764c156d 2 bytes JMP 74989201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000764c1585 2 bytes JMP 74988d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000764c159d 2 bytes JMP 749888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000764c15b5 2 bytes JMP 748ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000764c15cd 2 bytes JMP 7490b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000764c16b2 2 bytes JMP 749890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000764c16bd 2 bytes JMP 74988891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefca932f0 7 bytes JMP 000007fefca800d8 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefca9aa60 5 bytes JMP 000007fefca80180 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefca9ac00 5 bytes JMP 000007fefca80110 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcaa9ac0 5 bytes JMP 000007fefca80148 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe856d10 11 bytes JMP 000007fefca80228 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe86b4f0 7 bytes JMP 000007fefca80260 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd218840 8 bytes JMP 000007fefca801f0 .text C:\Windows\system32\wuauclt.exe[4852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd21b9f0 8 bytes JMP 000007fefca801b8 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000748e1eee 7 bytes JMP 0000000072e2168b .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000748e5b85 7 bytes JMP 0000000072e211a4 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000748f1409 7 bytes JMP 0000000072e21280 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000748fea5d 7 bytes JMP 0000000072e2123a .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007490b233 5 bytes JMP 0000000072e215a0 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000749890c4 7 bytes JMP 0000000072e2132f .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074989149 5 bytes JMP 0000000072e216cc .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007498949f 5 bytes JMP 0000000072e21703 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075101e4c 5 bytes JMP 0000000072e211bd .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075101efa 5 bytes JMP 0000000072e21014 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075102bdc 5 bytes JMP 0000000072e2154b .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075102e7e 5 bytes JMP 0000000072e21267 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000766ce757 5 bytes JMP 0000000072e215b9 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000766ce991 5 bytes JMP 0000000072e21181 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074bb8a29 5 bytes JMP 0000000072e2171c .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074bc5645 5 bytes JMP 0000000072e210a0 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074bdf61f 5 bytes JMP 0000000072e2140b .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c17af4 5 bytes JMP 0000000072e215c8 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e65e75 5 bytes JMP 0000000072e215f0 .text D:\r7l7f1iv.exe[4316] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074e99cbb 5 bytes JMP 0000000072e21217 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef25f741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef25f5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef25f5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef25f5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef25f7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef25f6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef25f6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef25f7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef25f7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef25f78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef25f4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef25f5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef25f7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\CompatTelRunner.exe [5188:6136] 000007feec029e30 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14833580552072280@SetupOperations ?????Z??????mo??? V?????? ??????????\Device\Tcpip6_{8A0BA5D2-FED5-43DC-9D15-FAF71AB4F879}?\Device\Tcpip6_{369C766C-02B4-45BA-A5B7-7B250CE6F2CA}?\Device\Tcpip6_{A6870C32-4170-4400-B532-89BCE4CF7B7A}?\Device\Tcpip6_{AD5D8B6F-703D-4F2D-8E78-C47B51E1B9DD}?\Device\Tcpip6_{0F6A1EB6-6944-422D-94FD-71D4AA39EF75}?\Device\Tcpip6_{11516412-0FF5-4941-8FA4-C9A9EC72B017}?\Device\Tcpip6_{B0F5ABFC-3491-4CAA-B66F-0B1A8EFE078B}?\Device\Tcpip6_{9C445249-FB83-4A0D-825C-8F54D9DC3747}?\Device\Tcpip6_{6BBD1758-F2B6-4301-AE4A-27C9D5DFE840}??Device\Tcpip6_{6BBD1758-F2B6-4301-AE4A-27C9D5DFE840}??Device\Tcpip6_{6BBD1758-F2B6-4301-AE4A-27C9D5DFE840}??6F-???????????e?????s P??? ???????????????????????????????@???????????????????????0??????????????\SystemRoot\System32\Drivers\usbvideo.sys?????V??????????????d??????????????????????????????????%t??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}????????P??????????????9??????????????Atheros Communications?ndi??{533c5b84-ec70-11d2-9505-00c04f79deaf}\0004?0}??? `??????5??????s8??????????????t?????N???? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14833582393032280@SetupOperations ?????????????????????????????????????????????????z???????????n???????n??????????? ???????n??????????????????????V?g?????????? ???????p???????????o????????:????? ???????????????P????D?????????????dsy??? ???????n?????p?????j????????$???p? ?????????????N??p???i?????evi??@%systemroot%\system32\cscsvc.dll,-200?-ff???????????f???????????????p???-???e??ProfSvc_Group????????j???3????h60-???????p??????????????????????? ???????r?????p?????p???????????????????????????????p??????????????FileInfo?