GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-10 23:06:24 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: zv58uk6y.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\pwdiypoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 11 bytes JMP 000007fffd380228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1724] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe1cbf00 7 bytes JMP 000007fffd380260 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 5 bytes JMP 000007fffd3400b8 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd340038 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 5 bytes JMP 000007fffd340138 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefad4a38c 5 bytes JMP 000007fefd3402b8 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefad64b60 5 bytes JMP 000007fefd340238 .text C:\Windows\system32\taskhost.exe[2508] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefad64ba0 5 bytes JMP 000007fefd3401b8 .text C:\Windows\system32\Dwm.exe[2576] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\system32\Dwm.exe[2576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 5 bytes JMP 000007fffd3800b8 .text C:\Windows\system32\Dwm.exe[2576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd380038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 11 bytes JMP 000007fffd380228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4028] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe1cbf00 7 bytes JMP 000007fffd380260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 11 bytes JMP 000007fffd380228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe1cbf00 7 bytes JMP 000007fffd380260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4040] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd370038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefad4a38c 5 bytes JMP 000007fefd3702b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefad64b60 5 bytes JMP 000007fefd370238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefad64ba0 5 bytes JMP 000007fefd3701b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 11 bytes JMP 000007fffd380228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4056] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe1cbf00 7 bytes JMP 000007fffd380260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd370038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefad4a38c 5 bytes JMP 000007fefd3702b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefad64b60 5 bytes JMP 000007fefd370238 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefad64ba0 5 bytes JMP 000007fefd3701b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 11 bytes JMP 000007fffd380228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[4068] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe1cbf00 7 bytes JMP 000007fffd380260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[4092] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd370038 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[3664] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd370038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefad4a38c 5 bytes JMP 000007fefd3702b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefad64b60 5 bytes JMP 000007fefd370238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefad64ba0 5 bytes JMP 000007fefd3701b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd340180 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3400d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd340148 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd330038 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd340110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3401f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3401b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1b7490 11 bytes JMP 000007fffd340228 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe1cbf00 7 bytes JMP 000007fffd340260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef61fdc88 5 bytes JMP 000007fff61d00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef61fde10 5 bytes JMP 000007fff61d0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\ddraw.dll!DirectDrawCreate 000007fef99c815c 5 bytes JMP 000007fefd3301b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\ddraw.dll!DirectDrawCreateEx 000007fef99c8968 5 bytes JMP 000007fefd330238 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\winmm.dll!waveOutReset 000007fefad4a38c 5 bytes JMP 000007fefd3303b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\winmm.dll!waveOutPause 000007fefad64b60 5 bytes JMP 000007fefd330338 .text C:\Program Files\Windows Sidebar\sidebar.exe[3804] C:\Windows\system32\winmm.dll!waveOutRestart 000007fefad64ba0 5 bytes JMP 000007fefd3302b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000771b6f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077219640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007723a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd39bfd0 5 bytes JMP 000007fffd370038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefad4a38c 5 bytes JMP 000007fefd3702b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefad64b60 5 bytes JMP 000007fefd370238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3788] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefad64ba0 5 bytes JMP 000007fefd3701b8 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f713e1 7 bytes JMP 000000016b001fa0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076f8b1d3 5 bytes JMP 000000016b001eb0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000770088b4 7 bytes JMP 000000016b001ea0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077008939 5 bytes JMP 000000016b001f90 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077008c8f 5 bytes JMP 000000016b001f20 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076591d1b 5 bytes JMP 000000016b002730 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076591dc9 5 bytes JMP 000000016b002790 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076592aa4 5 bytes JMP 000000016b002800 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076592d0a 5 bytes JMP 000000016b002980 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee9a2 5 bytes JMP 000000016b001a20 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eebdc 5 bytes JMP 000000016b001ab0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076885ea5 5 bytes JMP 000000016b001df0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[3308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000768b9d0b 5 bytes JMP 000000016b001d70 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd392db0 5 bytes JMP 000007fffd380180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3937d0 7 bytes JMP 000007fffd3800d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd398ef0 6 bytes JMP 000007fffd380148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3aaf60 5 bytes JMP 000007fffd380110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7889e0 8 bytes JMP 000007fffd3801f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd78be40 8 bytes JMP 000007fffd3801b8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000076f648b3 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000076f648cb 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000076f648fd 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076f713e1 7 bytes JMP 000000016b001fa0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076f8b1d3 5 bytes JMP 000000016b001eb0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000770088b4 7 bytes JMP 000000016b001ea0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077008939 5 bytes JMP 000000016b001f90 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000077008c8f 5 bytes JMP 000000016b001f20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076591d1b 5 bytes JMP 000000016b002730 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076591dc9 5 bytes JMP 000000016b002790 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076592aa4 5 bytes JMP 000000016b002800 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076592d0a 5 bytes JMP 000000016b002980 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee9a2 5 bytes JMP 000000016b001a20 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eebdc 5 bytes JMP 000000016b001ab0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076885ea5 5 bytes JMP 000000016b001df0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3992] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000768b9d0b 5 bytes JMP 000000016b001d70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000076f648b3 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000076f648cb 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000076f648fd 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f713e1 7 bytes JMP 000000016b001fa0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076f8b1d3 5 bytes JMP 000000016b001eb0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000770088b4 7 bytes JMP 000000016b001ea0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077008939 5 bytes JMP 000000016b001f90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077008c8f 5 bytes JMP 000000016b001f20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076591d1b 5 bytes JMP 000000016b002730 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076591dc9 5 bytes JMP 000000016b002790 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076592aa4 5 bytes JMP 000000016b002800 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076592d0a 5 bytes JMP 000000016b002980 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee9a2 5 bytes JMP 000000016b001a20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eebdc 5 bytes JMP 000000016b001ab0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076885ea5 5 bytes JMP 000000016b001df0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4008] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000768b9d0b 5 bytes JMP 000000016b001d70 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f713e1 7 bytes JMP 000000016b001fa0 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076f8b1d3 5 bytes JMP 000000016b001eb0 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000770088b4 7 bytes JMP 000000016b001ea0 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077008939 5 bytes JMP 000000016b001f90 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077008c8f 5 bytes JMP 000000016b001f20 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076591d1b 5 bytes JMP 000000016b002730 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076591dc9 5 bytes JMP 000000016b002790 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076592aa4 5 bytes JMP 000000016b002800 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076592d0a 5 bytes JMP 000000016b002980 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee9a2 5 bytes JMP 000000016b001a20 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eebdc 5 bytes JMP 000000016b001ab0 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076885ea5 5 bytes JMP 000000016b001df0 .text C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe[3976] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000768b9d0b 5 bytes JMP 000000016b001d70 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767d1465 2 bytes [7D, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767d14bb 2 bytes [7D, 76] .text ... * 2 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076f713e1 7 bytes JMP 000000016b001fa0 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076f8b1d3 5 bytes JMP 000000016b001eb0 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000770088b4 7 bytes JMP 000000016b001ea0 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077008939 5 bytes JMP 000000016b001f90 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077008c8f 5 bytes JMP 000000016b001f20 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076591d1b 5 bytes JMP 000000016b002730 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076591dc9 5 bytes JMP 000000016b002790 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076592aa4 5 bytes JMP 000000016b002800 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076592d0a 5 bytes JMP 000000016b002980 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000754ee9a2 5 bytes JMP 000000016b001a20 .text D:\downloads\naprawa\zv58uk6y.exe[1448] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000754eebdc 5 bytes JMP 000000016b001ab0 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3348:4552] 000007fefb1c2a7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e006e6c08699 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e006e6c08699 (not active ControlSet) ---- EOF - GMER 2.1 ----