GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-26 17:11:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB Running: hzy2bi9h.exe; Driver: C:\Users\Xivisi\AppData\Local\Temp\uwdiruob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4a7490 11 bytes JMP 000007fffd5d0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1644] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff4bbf00 7 bytes JMP 000007fffd5d0260 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fefa58dc88 5 bytes JMP 000007fffa5600d8 .text C:\Windows\system32\Dwm.exe[1140] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fefa58de10 5 bytes JMP 000007fffa560110 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 00000001750a15f0 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4028] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 00000001750a1217 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4a7490 11 bytes JMP 000007fffd5d0228 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[1172] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff4bbf00 7 bytes JMP 000007fffd5d0260 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4a7490 11 bytes JMP 000007fffd5d0228 .text C:\Program Files\Dell\QuickSet\quickset.exe[3464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff4bbf00 7 bytes JMP 000007fffd5d0260 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4a7490 11 bytes JMP 000007fffd5d0228 .text C:\Program Files\DellTPad\Apoint.exe[2832] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff4bbf00 7 bytes JMP 000007fffd5d0260 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4a7490 11 bytes JMP 000007fffd5d0228 .text C:\Windows\System32\igfxpers.exe[2856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff4bbf00 7 bytes JMP 000007fffd5d0260 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Users\Xivisi\AppData\Roaming\uTorrent\uTorrent.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\OLE32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 00000001750a15f0 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\OLE32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 00000001750a1217 .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ba1465 2 bytes [BA, 75] .text C:\Program Files (x86)\screenSHU\screenSHU.exe[3908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ba14bb 2 bytes [BA, 75] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 00000001750a15f0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1032] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 00000001750a1217 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\DellTPad\ApMsgFwd.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 00000001750a15f0 .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3172] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 00000001750a1217 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 00000001750a15f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3916] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 00000001750a1217 .text C:\Program Files\DellTPad\HidFind.exe[2076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\DellTPad\HidFind.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\DellTPad\HidFind.exe[2076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\DellTPad\HidFind.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\DellTPad\HidFind.exe[2076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\DellTPad\HidFind.exe[2076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\DellTPad\Apntex.exe[2208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000772b9630 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5e2db0 5 bytes JMP 000007fffd5d0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5e37d0 7 bytes JMP 000007fffd5d00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5e8ef0 6 bytes JMP 000007fffd5d0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5faf60 5 bytes JMP 000007fffd5d0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9a89e0 8 bytes JMP 000007fffd5d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4384] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9abe40 8 bytes JMP 000007fffd5d01b8 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000773c1f0e 7 bytes JMP 00000001750a168b .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000773c5bad 7 bytes JMP 00000001750a11a4 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000773d1409 7 bytes JMP 00000001750a1280 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000773dea45 7 bytes JMP 00000001750a123a .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000773eb21b 5 bytes JMP 00000001750a15a0 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077468e24 7 bytes JMP 00000001750a132f .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077468ea9 5 bytes JMP 00000001750a16cc .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000774691ff 1 byte JMP 00000001750a1703 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000077469201 3 bytes {JMP 0xfffffffffdc38504} .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077371d1b 5 bytes JMP 00000001750a11bd .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077371dc9 5 bytes JMP 00000001750a1014 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077372aa4 5 bytes JMP 00000001750a154b .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077372d0a 5 bytes JMP 00000001750a1267 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007645e96b 5 bytes JMP 00000001750a15b9 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007645eba5 5 bytes JMP 00000001750a1181 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c98a29 5 bytes JMP 00000001750a171c .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ca4572 5 bytes JMP 00000001750a10a0 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075cbe567 5 bytes JMP 00000001750a140b .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cf7a5c 5 bytes JMP 00000001750a15c8 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075fd5ea5 5 bytes JMP 00000001750a15f0 .text C:\Users\Xivisi\Downloads\hzy2bi9h.exe[5104] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076009d0b 5 bytes JMP 00000001750a1217 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800105fe94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800105fc38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001060614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001060a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106086c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80076262c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{65F3EE31-30A7-4B66-A1AE-CB582DA8BAA4} fffffa80098b32c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8009adf2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007e8f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D7BBE189-A651-4AFE-ABEA-8EE6A9FB420B} fffffa80098b32c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8009adf2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8009adf2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B2079873-BB58-444E-93CF-2BB6D258A59D} fffffa80098b32c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F508F842-7A9A-4C41-99E2-04CEEC5D1897} fffffa80098b32c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80098b32c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8009adf2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{F3678CB2-0597-4691-B232-12E3173E7739} fffffa80098b32c0 ---- Processes - GMER 2.1 ---- Process C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] (DAEMON Tools Lite Setup/Disc Soft Ltd)(2014-04-26 14:41:02) 0000000000400000 Library C:\Users\Xivisi\AppData\Local\Temp\nss57F3.tmp\UninstHlp.dll (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] 0000000061a00000 Library C:\Users\Xivisi\AppData\Local\Temp\nss57F3.tmp\Lang\ENU.dll (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] 000000006f770000 Library C:\Users\Xivisi\AppData\Local\Temp\nss57F3.tmp\Lang\PLK.dll (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] 0000000069400000 Library C:\Users\Xivisi\AppData\Local\Temp\nss57F3.tmp\InstallOptions.dll (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] 0000000010000000 Library C:\Users\Xivisi\AppData\Local\Temp\nss57F3.tmp\System.dll (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] 00000000032c0000 Library C:\Program Files (x86)\DAEMON Tools Lite\imgengine.dll (*** suspicious ***) @ C:\Users\Xivisi\AppData\Local\Temp\~nsu.tmp\Au_.exe [6984] 000000006afc0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3DF7DF45-A6E7-457C-8C1D-49532CFBA2B8}\Connection@Name isatap.{F508F842-7A9A-4C41-99E2-04CEEC5D1897} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{BAB4FC40-3D4B-41FA-9E61-DD6331A4B1E7}\Connection@Name isatap.{65F3EE31-30A7-4B66-A1AE-CB582DA8BAA4} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{C39F12F4-CA31-4919-9494-791872C347CE}?\Device\{3DF7DF45-A6E7-457C-8C1D-49532CFBA2B8}?\Device\{C5B66E57-69DC-469E-9C73-B5749EEFB8B8}?\Device\{BAB4FC40-3D4B-41FA-9E61-DD6331A4B1E7}?\Device\{9A7D41D4-3FDA-497D-93EB-49F7FB14DD17}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{C39F12F4-CA31-4919-9494-791872C347CE}"?"{3DF7DF45-A6E7-457C-8C1D-49532CFBA2B8}"?"{C5B66E57-69DC-469E-9C73-B5749EEFB8B8}"?"{BAB4FC40-3D4B-41FA-9E61-DD6331A4B1E7}"?"{9A7D41D4-3FDA-497D-93EB-49F7FB14DD17}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{C39F12F4-CA31-4919-9494-791872C347CE}?\Device\TCPIP6TUNNEL_{3DF7DF45-A6E7-457C-8C1D-49532CFBA2B8}?\Device\TCPIP6TUNNEL_{C5B66E57-69DC-469E-9C73-B5749EEFB8B8}?\Device\TCPIP6TUNNEL_{BAB4FC40-3D4B-41FA-9E61-DD6331A4B1E7}?\Device\TCPIP6TUNNEL_{9A7D41D4-3FDA-497D-93EB-49F7FB14DD17}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893c73ae Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3DF7DF45-A6E7-457C-8C1D-49532CFBA2B8}@InterfaceName isatap.{F508F842-7A9A-4C41-99E2-04CEEC5D1897} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3DF7DF45-A6E7-457C-8C1D-49532CFBA2B8}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BAB4FC40-3D4B-41FA-9E61-DD6331A4B1E7}@InterfaceName isatap.{65F3EE31-30A7-4B66-A1AE-CB582DA8BAA4} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BAB4FC40-3D4B-41FA-9E61-DD6331A4B1E7}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-0c-42-ca-5c-00@ClientLocalPort 55019 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\00-0c-42-ca-5c-00@TeredoAddress 2001:0:9d38:90d7:1025:2914:a1d5:5245 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 4847 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0xC0 0x91 0xA7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7BBE189-A651-4AFE-ABEA-8EE6A9FB420B}@LeaseObtainedTime 1398523650 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7BBE189-A651-4AFE-ABEA-8EE6A9FB420B}@T1 1398653250 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7BBE189-A651-4AFE-ABEA-8EE6A9FB420B}@T2 1398750450 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7BBE189-A651-4AFE-ABEA-8EE6A9FB420B}@LeaseTerminatesTime 1398782850 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893c73ae (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x29 0x66 0xBD 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3B 0x6F 0xF4 0xC2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0xFF 0xB7 0xBF ... ---- Files - GMER 2.1 ---- File C:\Users\Xivisi\Downloads\Niepotwierdzony 607935.crdownload (size mismatch) 665075/0 bytes executable ---- EOF - GMER 2.1 ----