GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-21 03:13:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: egsfn3m4.exe; Driver: C:\Users\acer\AppData\Local\Temp\fwtcqaob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\wininit.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\services.exe[884] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\winlogon.exe[412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\System32\svchost.exe[1100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[1928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fefa00dc88 5 bytes JMP 000007fef9fe00d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fefa00de10 5 bytes JMP 000007fef9fe0110 .text C:\Windows\Explorer.EXE[2028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2120] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2156] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2164] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2172] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[2436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\PDF Architect 3\creator-ws.exe[2748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe[2840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe[2484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 00000000001d8c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Windows\System32\rundll32.exe[3624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef2672460 5 bytes JMP 000007fefd6e02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef26a96b0 6 bytes JMP 000007fefd6e0298 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fefa00dc88 5 bytes JMP 000007fef9fe00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[3180] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fefa00de10 5 bytes JMP 000007fef9fe0110 .text C:\Windows\system32\conhost.exe[2940] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\System32\hkcmd.exe[4012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Windows\System32\igfxpers.exe[2116] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files\Elantech\ETDCtrl.exe[4112] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4160] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4244] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[4288] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[4380] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6d0180 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6d00d8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6d0148 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6d0110 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6d01f0 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6d01b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6d0228 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[4476] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6d0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\system32\igfxext.exe[4648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[4676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Windows\system32\wbem\unsecapp.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Windows\System32\StikyNot.exe[4896] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2780] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2024] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Dolby PCEE4\pcee4.exe[4884] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000770d8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772d1465 2 bytes [2D, 77] .text C:\Program Files\AVAST Software\Avast\avastui.exe[5128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772d14bb 2 bytes [2D, 77] .text ... * 2 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\Hostless Modem\CheckNDISPort.exe[5164] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Program Files (x86)\Hostless Modem\CancelAutoPlay_60.exe[5220] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[5480] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3996] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[3224] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000771e8a29 5 bytes JMP 0000000071202bc0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076935ea5 5 bytes JMP 0000000071202b80 .text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[2632] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076969d0b 5 bytes JMP 0000000071202b10 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Windows\system32\taskeng.exe[3484] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738a400 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077393f20 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773affb0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773bf2e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773def8d 1 byte [62] .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e9a30 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94c0 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774187e0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6f2db0 5 bytes JMP 000007fefd6e0180 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6f37d0 7 bytes JMP 000007fefd6e00d8 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6f8ef0 6 bytes JMP 000007fefd6e0148 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd70af60 5 bytes JMP 000007fefd6e0110 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff7689e0 8 bytes JMP 000007fefd6e01f0 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff76be40 8 bytes JMP 000007fefd6e01b8 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd7b7490 11 bytes JMP 000007fefd6e0228 .text C:\Windows\system32\calc.exe[5824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd7cbf00 7 bytes JMP 000007fefd6e0260 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000770d1f0e 7 bytes JMP 0000000071203cf0 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000770d5bad 7 bytes JMP 0000000071204330 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000770e1409 7 bytes JMP 0000000071203f40 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000770eea45 7 bytes JMP 0000000071203ce0 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000770fa2fd 1 byte [62] .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077178e24 7 bytes JMP 0000000071203760 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077178ea9 5 bytes JMP 0000000071203810 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000771791ff 5 bytes JMP 0000000071203770 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d29 5 bytes JMP 0000000071203720 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dd7 5 bytes JMP 00000000712036e0 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22ab1 5 bytes JMP 0000000071203820 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d17 5 bytes JMP 0000000071203520 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076b4e96b 5 bytes JMP 0000000071202d00 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076b4eba5 5 bytes JMP 0000000071202d10 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000771f4572 5 bytes JMP 00000000712034a0 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007720e567 5 bytes JMP 0000000071203510 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772307d7 5 bytes JMP 0000000071202a00 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077247a5c 5 bytes JMP 0000000071203480 .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000071231003 2 bytes [23, 71] .text C:\Users\acer\Downloads\egsfn3m4.exe[4596] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000071231016 2 bytes [23, 71] ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [5384:1664] 000007fee54f9688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5464:4052] 000007fefb7a2bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5464:5804] 000007fef69d5124 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8e3d34a2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8e3d34a2 (not active ControlSet) ---- EOF - GMER 2.2 ----