GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-28 19:55:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 ST1000LM rev.LVD3 931,51GB Running: gzhcwmls.exe; Driver: C:\Users\ADA~1\AppData\Local\Temp\kxldrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffcbf0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1608] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe3ebf00 7 bytes JMP 000007fffcbf0260 .text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1096] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77] .text C:\Program Files (x86)\AVG\AVG2014\avgfws.exe[1096] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77] .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77] .text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef532dc88 5 bytes JMP 000007fff51200d8 .text C:\Windows\system32\Dwm.exe[2336] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef532de10 5 bytes JMP 000007fff5120110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffcbf0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe3ebf00 7 bytes JMP 000007fffcbf0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffcbf0228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe3ebf00 7 bytes JMP 000007fffcbf0260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbe0180 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbe00d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbe0148 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbe0110 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbe01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbe01b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffcbe0228 .text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[2292] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe3ebf00 7 bytes JMP 000007fffcbe0260 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[2372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffcbf0228 .text C:\Windows\System32\igfxpers.exe[2636] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe3ebf00 7 bytes JMP 000007fffcbf0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000776d1eee 7 bytes JMP 0000000174683550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000776d5b85 7 bytes JMP 00000001746837f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000776e13e1 7 bytes JMP 0000000174683650 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000776eea0d 7 bytes JMP 0000000174683540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000777788b4 7 bytes JMP 0000000174683310 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077778939 5 bytes JMP 00000001746833c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077778c8f 5 bytes JMP 0000000174683320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d1b 5 bytes JMP 00000001746832b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dc9 5 bytes JMP 0000000174683270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2aa4 5 bytes JMP 00000001746833d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d0a 5 bytes JMP 00000001746830b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f28a29 5 bytes JMP 0000000174682c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f34572 5 bytes JMP 0000000174683030 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f4e567 5 bytes JMP 00000001746830a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076f87a5c 5 bytes JMP 0000000174683020 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae96b 5 bytes JMP 0000000174682cd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aeba5 5 bytes JMP 0000000174682ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077425ea5 5 bytes JMP 0000000174682c20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077459d0b 5 bytes JMP 0000000174682bb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000776d1eee 7 bytes JMP 0000000174683550 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000776d5b85 7 bytes JMP 00000001746837f0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000776e13e1 7 bytes JMP 0000000174683650 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000776eea0d 7 bytes JMP 0000000174683540 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000777788b4 7 bytes JMP 0000000174683310 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077778939 5 bytes JMP 00000001746833c0 .text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3128] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077778c8f 5 bytes JMP 0000000174683320 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000776d1eee 7 bytes JMP 0000000174683550 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000776d5b85 7 bytes JMP 00000001746837f0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000776e13e1 7 bytes JMP 0000000174683650 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000776eea0d 7 bytes JMP 0000000174683540 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000777788b4 7 bytes JMP 0000000174683310 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077778939 5 bytes JMP 00000001746833c0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077778c8f 5 bytes JMP 0000000174683320 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d1b 5 bytes JMP 00000001746832b0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dc9 5 bytes JMP 0000000174683270 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2aa4 5 bytes JMP 00000001746833d0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d0a 5 bytes JMP 00000001746830b0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f28a29 5 bytes JMP 0000000174682c60 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f34572 5 bytes JMP 0000000174683030 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f4e567 5 bytes JMP 00000001746830a0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076f87a5c 5 bytes JMP 0000000174683020 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae96b 5 bytes JMP 0000000174682cd0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aeba5 5 bytes JMP 0000000174682ce0 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077425ea5 5 bytes JMP 0000000174682c20 .text C:\Windows\SysWOW64\ctfmon.exe[3152] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077459d0b 5 bytes JMP 0000000174682bb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000776d1eee 7 bytes JMP 0000000174683550 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000776d5b85 7 bytes JMP 00000001746837f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000776e13e1 7 bytes JMP 0000000174683650 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000776eea0d 7 bytes JMP 0000000174683540 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000777788b4 7 bytes JMP 0000000174683310 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077778939 5 bytes JMP 00000001746833c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000077778c8f 5 bytes JMP 0000000174683320 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d1b 5 bytes JMP 00000001746832b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dc9 5 bytes JMP 0000000174683270 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2aa4 5 bytes JMP 00000001746833d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d0a 5 bytes JMP 00000001746830b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f28a29 5 bytes JMP 0000000174682c60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f34572 5 bytes JMP 0000000174683030 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f4e567 5 bytes JMP 00000001746830a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076f87a5c 5 bytes JMP 0000000174683020 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae96b 5 bytes JMP 0000000174682cd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aeba5 5 bytes JMP 0000000174682ce0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077425ea5 5 bytes JMP 0000000174682c20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4748] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077459d0b 5 bytes JMP 0000000174682bb0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbf0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbf00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbf0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbf0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe3d7490 11 bytes JMP 000007fffcbf0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe3ebf00 7 bytes JMP 000007fffcbf0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbf01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbf01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef69c2460 5 bytes JMP 000007fefcbf02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4704] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef69f96b0 6 bytes JMP 000007fefcbf0298 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77] .text ... * 2 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000776d1eee 7 bytes JMP 0000000174683550 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000776d5b85 7 bytes JMP 00000001746837f0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000776e13e1 7 bytes JMP 0000000174683650 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000776eea0d 7 bytes JMP 0000000174683540 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000777788b4 7 bytes JMP 0000000174683310 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077778939 5 bytes JMP 00000001746833c0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077778c8f 5 bytes JMP 0000000174683320 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d1b 5 bytes JMP 00000001746832b0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dc9 5 bytes JMP 0000000174683270 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2aa4 5 bytes JMP 00000001746833d0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d0a 5 bytes JMP 00000001746830b0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076f28a29 5 bytes JMP 0000000174682c60 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000076f34572 5 bytes JMP 0000000174683030 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 0000000076f4e567 5 bytes JMP 00000001746830a0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000076f87a5c 5 bytes JMP 0000000174683020 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae96b 5 bytes JMP 0000000174682cd0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aeba5 5 bytes JMP 0000000174682ce0 .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077e01465 2 bytes [E0, 77] .text C:\Users\Adaœ\Downloads\OTL.exe[2852] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000077e014bb 2 bytes [E0, 77] .text ... * 2 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077b3af40 7 bytes JMP 000000016fff0228 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077b44a60 5 bytes JMP 000000016fff0180 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077b62990 5 bytes JMP 000000016fff01b8 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077b6efe0 5 bytes JMP 000000016fff0110 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077b999b0 7 bytes JMP 000000016fff00d8 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077ba94d0 5 bytes JMP 000000016fff0148 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077bca500 7 bytes JMP 000000016fff01f0 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcc02db0 5 bytes JMP 000007fffcbe0180 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcc037d0 7 bytes JMP 000007fffcbe00d8 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcc08ef0 6 bytes JMP 000007fffcbe0148 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcc1af60 5 bytes JMP 000007fffcbe0110 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdec89e0 8 bytes JMP 000007fffcbe01f0 .text C:\Users\Adaœ\Downloads\FRST64.exe[2520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdecbe40 8 bytes JMP 000007fffcbe01b8 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000776d1eee 7 bytes JMP 0000000174683550 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000776d5b85 7 bytes JMP 00000001746837f0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000776e13e1 7 bytes JMP 0000000174683650 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000776eea0d 7 bytes JMP 0000000174683540 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000777788b4 7 bytes JMP 0000000174683310 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077778939 5 bytes JMP 00000001746833c0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077778c8f 5 bytes JMP 0000000174683320 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000766c1d1b 5 bytes JMP 00000001746832b0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000766c1dc9 5 bytes JMP 0000000174683270 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000766c2aa4 5 bytes JMP 00000001746833d0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000766c2d0a 5 bytes JMP 00000001746830b0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ae96b 5 bytes JMP 0000000174682cd0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773aeba5 5 bytes JMP 0000000174682ce0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f28a29 5 bytes JMP 0000000174682c60 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f34572 5 bytes JMP 0000000174683030 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076f4e567 5 bytes JMP 00000001746830a0 .text C:\Users\Adaœ\Downloads\gzhcwmls.exe[3192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076f87a5c 5 bytes JMP 0000000174683020 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001089e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001089c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800108a614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800108aa10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800108a86c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\anvgoisi \Device\Scsi\anvgoisi1 fffffa800b7e62c0 Device \FileSystem\Ntfs \Ntfs fffffa80072ce2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{77F661FD-A40F-4DBE-A9B6-BE4F90810BD4} fffffa800a9852c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa800ab612c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{436CB2DE-8F3C-4CB8-8221-4DCB5B958DFC} fffffa800a9852c0 Device \Driver\iaStorA \Device\00000070 fffffa80072ca2c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa80072ca2c0 Device \Driver\cdrom \Device\CdRom0 fffffa800a79a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{C0C71272-AF14-4D23-BB2B-BDE5AA20B5CA} fffffa800a9852c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa800ab612c0 Device \Driver\iaStorA \Device\00000071 fffffa80072ca2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800b8c22c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa800ab612c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800a9852c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{AAA7A94F-07F6-4915-B2B7-5FB9B455F016} fffffa800a9852c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa80072ca2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa800ab612c0 Device \Driver\anvgoisi \Device\ScsiPort1 fffffa800b7e62c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{40FBE0B3-ED7F-418E-ABFD-7D9061EDE14E} fffffa800a9852c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys >>UNKNOWN [0xfffffa80072ca2c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa80072ca2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a6bc060] fffffa800a6bc060 Trace 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80082eac50] fffffa80082eac50 Trace 5 iaStorF.sys[fffff88001bf0f84] -> nt!IofCallDriver -> \Device\00000071[0xfffffa800819b060] fffffa800819b060 Trace \Driver\iaStorA[0xfffffa8007cf99c0] -> IRP_MJ_CREATE -> 0xfffffa80072ca2c0 fffffa80072ca2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\anvgoisi.SYS fffff88005385000-fffff880053d6000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer 95.160.170.92 88.156.222.92 82.139.8.40 ---- EOF - GMER 2.1 ----