GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-09-21 10:56:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0002 698.64GB Running: 7vufm75x.exe; Driver: C:\Users\Agata\AppData\Local\Temp\uglorpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003801000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380102f 16 bytes [00, 03, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef99b2460 5 bytes JMP 000007fefc4d02d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1652] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef99e96b0 6 bytes JMP 000007fefc4d0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files (x86)\AVG\AVG2013\avgfws.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75] .text C:\Program Files (x86)\AVG\AVG2013\avgfws.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75] .text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2412] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2572] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef99b2460 5 bytes JMP 000007fefc4d02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2764] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef99e96b0 6 bytes JMP 000007fefc4d0298 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Windows\system32\taskeng.exe[2904] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef99b2460 5 bytes JMP 000007fefc4d02d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2908] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef99e96b0 6 bytes JMP 000007fefc4d0298 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1920] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6b0dc88 5 bytes JMP 000007fff6ae00d8 .text C:\Windows\system32\Dwm.exe[3160] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6b0de10 5 bytes JMP 000007fff6ae0110 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[3404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3744] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3764] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[3856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4064] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4080] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2892] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75] .text ... * 2 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Windows\System32\igfxpers.exe[4156] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc430180 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4300d8 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc430148 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc430110 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4301f0 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4301b8 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc430228 .text C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe[4176] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc430260 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Users\Agata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4268] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4380] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[4388] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3464] entry point in ".rdata" section 000000006e2b71e6 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5600] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75] .text ... * 2 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[7100] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[7164] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771ba400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771c3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771dffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771ef2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077219a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772294c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772487e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc4e2db0 5 bytes JMP 000007fffc4d0180 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc4e37d0 7 bytes JMP 000007fffc4d00d8 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc4e8ef0 6 bytes JMP 000007fffc4d0148 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc4faf60 5 bytes JMP 000007fffc4d0110 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcd289f0 8 bytes JMP 000007fffc4d01f0 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcd2be50 8 bytes JMP 000007fffc4d01b8 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc817490 11 bytes JMP 000007fffc4d0228 .text C:\Program Files\Elantech\ETDGesture.exe[2520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc82bf00 7 bytes JMP 000007fffc4d0260 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075001465 2 bytes [00, 75] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750014bb 2 bytes [00, 75] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751e5ea5 5 bytes JMP 0000000170dd3a00 .text C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe[7128] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075219d0b 5 bytes JMP 0000000170dd3990 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757e1f0e 7 bytes JMP 0000000170dd4b10 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757e5bad 7 bytes JMP 0000000170dd54b0 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757f1409 7 bytes JMP 0000000170dd4e50 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757fea45 7 bytes JMP 0000000170dd4b00 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075888e24 7 bytes JMP 0000000170dd45c0 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075888ea9 5 bytes JMP 0000000170dd4670 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000758891ff 5 bytes JMP 0000000170dd45d0 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077171d29 5 bytes JMP 0000000170dd4580 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077171dd7 5 bytes JMP 0000000170dd4540 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077172ab1 5 bytes JMP 0000000170dd4680 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077172d17 5 bytes JMP 0000000170dd4360 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076a4e96b 5 bytes JMP 0000000170dd3b60 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076a4eba5 5 bytes JMP 0000000170dd3b80 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075478a29 5 bytes JMP 0000000170dd3a40 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075484572 5 bytes JMP 0000000170dd42e0 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007549e567 5 bytes JMP 0000000170dd4350 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754c07d7 5 bytes JMP 0000000170dd3850 .text C:\Users\Agata\Downloads\7vufm75x.exe[7052] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000754d7a5c 5 bytes JMP 0000000170dd42d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----