GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-22 19:10:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: jy4kz6hp.exe; Driver: C:\Users\Gawor\AppData\Local\Temp\kgryqpog.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68dc7091 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68dc7091 (not active ControlSet) ---- User code sections - GMER 2.2 ---- .text ... * 9 .text ... * 9 .text ... * 9 .text ... * 9 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e95e75 5 bytes JMP 0000000071f415d2 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e95e75 5 bytes JMP 0000000071f415d2 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e95e75 5 bytes JMP 0000000071f415d2 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e95e75 5 bytes JMP 0000000071f415d2 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e95e75 5 bytes JMP 0000000071f415d2 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074e95e75 5 bytes JMP 0000000071f415d2 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ec9cbb 5 bytes JMP 0000000071f4122b .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ec9cbb 5 bytes JMP 0000000071f4122b .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ec9cbb 5 bytes JMP 0000000071f4122b .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ec9cbb 5 bytes JMP 0000000071f4122b .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ec9cbb 5 bytes JMP 0000000071f4122b .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ec9cbb 5 bytes JMP 0000000071f4122b .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075071e4c 5 bytes JMP 0000000071f411d1 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075071efa 5 bytes JMP 0000000071f41019 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075072bdc 5 bytes JMP 0000000071f41546 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075072e7e 5 bytes JMP 0000000071f41271 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007637e757 5 bytes JMP 0000000071f415a0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007637e991 5 bytes JMP 0000000071f4119f .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076861401 2 bytes JMP 769bb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076861401 2 bytes JMP 769bb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076861401 2 bytes JMP 769bb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076861401 2 bytes JMP 769bb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076861419 2 bytes JMP 769bb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076861419 2 bytes JMP 769bb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076861419 2 bytes JMP 769bb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076861419 2 bytes JMP 769bb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076861431 2 bytes JMP 76a39149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076861431 2 bytes JMP 76a39149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076861431 2 bytes JMP 76a39149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076861431 2 bytes JMP 76a39149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007686144a 2 bytes CALL 76994885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007686144a 2 bytes CALL 76994885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007686144a 2 bytes CALL 76994885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007686144a 2 bytes CALL 76994885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768614dd 2 bytes JMP 76a38a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768614dd 2 bytes JMP 76a38a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768614dd 2 bytes JMP 76a38a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768614dd 2 bytes JMP 76a38a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768614f5 2 bytes JMP 76a38c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768614f5 2 bytes JMP 76a38c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768614f5 2 bytes JMP 76a38c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768614f5 2 bytes JMP 76a38c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007686150d 2 bytes JMP 76a38938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007686150d 2 bytes JMP 76a38938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007686150d 2 bytes JMP 76a38938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007686150d 2 bytes JMP 76a38938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076861525 2 bytes JMP 76a38d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076861525 2 bytes JMP 76a38d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076861525 2 bytes JMP 76a38d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076861525 2 bytes JMP 76a38d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007686153d 2 bytes JMP 769afcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007686153d 2 bytes JMP 769afcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007686153d 2 bytes JMP 769afcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007686153d 2 bytes JMP 769afcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076861555 2 bytes JMP 769b6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076861555 2 bytes JMP 769b6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076861555 2 bytes JMP 769b6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076861555 2 bytes JMP 769b6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007686156d 2 bytes JMP 76a39201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007686156d 2 bytes JMP 76a39201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007686156d 2 bytes JMP 76a39201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007686156d 2 bytes JMP 76a39201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076861585 2 bytes JMP 76a38d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076861585 2 bytes JMP 76a38d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076861585 2 bytes JMP 76a38d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076861585 2 bytes JMP 76a38d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007686159d 2 bytes JMP 76a388fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007686159d 2 bytes JMP 76a388fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007686159d 2 bytes JMP 76a388fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007686159d 2 bytes JMP 76a388fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768615b5 2 bytes JMP 769afd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768615b5 2 bytes JMP 769afd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768615b5 2 bytes JMP 769afd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768615b5 2 bytes JMP 769afd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768615cd 2 bytes JMP 769bb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768615cd 2 bytes JMP 769bb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768615cd 2 bytes JMP 769bb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768615cd 2 bytes JMP 769bb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768616b2 2 bytes JMP 76a390c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768616b2 2 bytes JMP 76a390c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768616b2 2 bytes JMP 76a390c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768616b2 2 bytes JMP 76a390c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768616bd 2 bytes JMP 76a38891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768616bd 2 bytes JMP 76a38891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768616bd 2 bytes JMP 76a38891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768616bd 2 bytes JMP 76a38891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769a1409 7 bytes JMP 0000000071f4128a .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000769bb233 5 bytes JMP 0000000071f4158c .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a390c4 7 bytes JMP 0000000071f41334 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a39149 5 bytes JMP 0000000071f416a4 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a3949f 5 bytes JMP 0000000071f4101e .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d6f3f0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d99c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076da9710 3 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!K32GetModuleInformation + 4 0000000076da9714 1 byte [F9] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000076da9880 3 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW + 4 0000000076da9884 1 byte [F9] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076dc8ab0 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryEnvironmentVariable 0000000076f74170 5 bytes JMP 00000000000205f0 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000076f9bec0 5 bytes JMP 0000000000020678 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076f9bfb0 5 bytes JMP 00000000000200a0 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f9c0d0 5 bytes JMP 0000000000020018 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f9c130 5 bytes JMP 00000000000203d0 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f9c1b0 5 bytes JMP 00000000000201b0 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f9c250 5 bytes JMP 0000000000020128 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f9c700 5 bytes JMP 0000000000020238 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f9c790 5 bytes JMP 00000000000202c0 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000076f9c800 5 bytes JMP 0000000000020348 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f9ccc0 5 bytes JMP 0000000000020458 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f9cd10 5 bytes JMP 00000000000204e0 .text C:\Windows\system32\svchost.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\svchost.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\taskhost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\Dwm.exe[4852] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\Explorer.EXE[4972] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\SearchIndexer.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer 0000000076ff26a0 5 bytes JMP 0000000000020568 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess 000000007714fae8 5 bytes JMP 000000006ef52d80 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007714fc60 5 bytes JMP 000000006ef52910 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007714fe24 5 bytes JMP 000000006ef527a0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007714feb8 5 bytes JMP 000000006ef52ed0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 000000007714ff84 5 bytes JMP 000000006ef52e90 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077150078 5 bytes JMP 000000006ef52ad0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000771507ac 5 bytes JMP 000000006ef52f10 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077150884 5 bytes JMP 000000006ef52f90 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007715092c 5 bytes JMP 000000006ef52c00 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant 0000000077151088 5 bytes JMP 000000006ef52f50 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!NtOpenSemaphore 0000000077151100 5 bytes JMP 000000006ef52fd0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!RtlQueryEnvironmentVariable 000000007716911f 5 bytes JMP 000000006ef53620 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[5040] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[1048] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[1956] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1204] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe[3496] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2504] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5568] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files (x86)\AVG\Framework\Common\avguix.exe[5540] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Users\Gawor\Downloads\jy4kz6hp.exe[6692] C:\Windows\SysWOW64\ntdll.dll!RtlDecompressBuffer 00000000771effe9 5 bytes JMP 000000006ef52c90 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbbd00d8 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbbd00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbbf00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbc232f0 7 bytes JMP 000007fefbc100d8 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbbd0180 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbbd0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbbf0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbc2aa60 5 bytes JMP 000007fefbc10180 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbbd0110 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbbd0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbbf0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbc2ac00 5 bytes JMP 000007fefbc10110 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbbd0148 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbbd0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbbf0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbc39ac0 5 bytes JMP 000007fefbc10148 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\ole32.DLL!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbbd0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2c6d10 11 bytes JMP 000007fefbc10228 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\ole32.DLL!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbbd0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Program Files (x86)\AVG\Av\avgui.exe[4332] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2db4f0 7 bytes JMP 000007fefbc10260 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbbd01f0 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbbd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbbf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefcb78840 8 bytes JMP 000007fefbc101f0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[4224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbbd01b8 .text C:\Users\Gawor\Downloads\FRST64.exe[5388] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbbd01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4468] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbbf01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Windows\system32\taskeng.exe[4860] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[4988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[5104] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[296] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Windows\system32\NOTEPAD.EXE[4712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Windows\system32\ctfmon.exe[5604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Windows\system32\notepad.exe[6188] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Windows\system32\notepad.exe[6872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 .text C:\Windows\system32\notepad.exe[6060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefcb7b9f0 8 bytes JMP 000007fefbc101b8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68dc7091@001501020d6a 0xEE 0x19 0xAF 0xB3 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68dc7091@001501020d6a 0xEE 0x19 0xAF 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{351FEE42-15E2-4685-A22B-09DBBEE2BA7F}@LeaseObtainedTime 1490195015 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{351FEE42-15E2-4685-A22B-09DBBEE2BA7F}@T1 1490195915 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{351FEE42-15E2-4685-A22B-09DBBEE2BA7F}@T2 1490196590 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{351FEE42-15E2-4685-A22B-09DBBEE2BA7F}@LeaseTerminatesTime 1490196815 ---- EOF - GMER 2.2 ----