GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-18 19:47:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB Running: gmer.exe; Driver: C:\Users\John\AppData\Local\Temp\pxldypog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b5000 47 bytes [0F, 86, 42, FE, FF, FF, 83, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff800035b5030 28 bytes [C1, FA, 03, C1, E2, 06, 89, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2044] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef8412460 5 bytes JMP 000007fefc5502d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1252] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef84496b0 6 bytes JMP 000007fefc550298 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fef8412460 5 bytes JMP 000007fefc5502d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[3668] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fef84496b0 6 bytes JMP 000007fefc550298 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3692] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef373dc88 5 bytes JMP 000007fff37100d8 .text C:\Windows\system32\Dwm.exe[4208] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef373de10 5 bytes JMP 000007fff3710110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8412460 5 bytes JMP 000007fefc5502d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4416] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef84496b0 6 bytes JMP 000007fefc550298 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Windows\system32\taskeng.exe[4688] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Windows\system32\taskeng.exe[4792] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Program Files\Elantech\ETDCtrl.exe[5924] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[5944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc500180 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5000d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc500148 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc500110 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5001f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5001b8 .text C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe[5976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint 00000000774d0590 3 bytes [8B, 40, 30] .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[5984] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[5776] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Program Files\Elantech\ETDGesture.exe[5780] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\AsScrPro.exe[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076251465 2 bytes [25, 76] .text C:\Windows\AsScrPro.exe[6176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762514bb 2 bytes [25, 76] .text ... * 2 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6436] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007736af40 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077374a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077392990 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007739efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773c99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773d94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773d9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773fa500 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc562db0 5 bytes JMP 000007fffc550180 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc5637d0 7 bytes JMP 000007fffc5500d8 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc568ef0 6 bytes JMP 000007fffc550148 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc57af60 5 bytes JMP 000007fffc550110 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1289e0 8 bytes JMP 000007fffc5501f0 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe12be40 8 bytes JMP 000007fffc5501b8 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefcaa7490 11 bytes JMP 000007fffc550228 .text C:\Windows\system32\igfxpers.exe[6808] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefcabbf00 7 bytes JMP 000007fffc550260 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [2392:2396] 00000000002a4689 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [7016:5816] 000007fefa5e2a7c Thread [7152:5728] 000000007749aef0 Thread [7152:5684] 000000007749fbf0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----