GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-22 12:33:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: iwrk88in.exe; Driver: C:\Users\Brian\AppData\Local\Temp\uxldqpob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef854dc88 5 bytes JMP 000007fff83400d8 .text C:\Windows\system32\Dwm.exe[2152] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef854de10 5 bytes JMP 000007fff8340110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7ef2460 5 bytes JMP 000007fefd6c02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2400] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef7f296b0 6 bytes JMP 000007fefd6c0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1712] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[1464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1656] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f91f0e 7 bytes JMP 00000001729f3d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f95bad 7 bytes JMP 00000001729f46b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fa1409 7 bytes JMP 00000001729f4050 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076faea45 7 bytes JMP 00000001729f3d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077038e24 7 bytes JMP 00000001729f37c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077038ea9 5 bytes JMP 00000001729f3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770391ff 5 bytes JMP 00000001729f37d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773a1d29 5 bytes JMP 00000001729f3780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773a1dd7 5 bytes JMP 00000001729f3740 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 00000001729f3880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773a2d17 5 bytes JMP 00000001729f3560 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000772a8a29 5 bytes JMP 00000001729f2c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000772b4572 5 bytes JMP 00000001729f34e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000772ce567 5 bytes JMP 00000001729f3550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772f07d7 5 bytes JMP 00000001729f2a60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077307a5c 5 bytes JMP 00000001729f34d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007582e96b 5 bytes JMP 00000001729f2d70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007582eba5 5 bytes JMP 00000001729f2d80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec5ea5 5 bytes JMP 00000001729f2c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ef9d0b 5 bytes JMP 00000001729f2ba0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3140] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3140] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f91f0e 7 bytes JMP 00000001729f3d10 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f95bad 7 bytes JMP 00000001729f46b0 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fa1409 7 bytes JMP 00000001729f4050 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076faea45 7 bytes JMP 00000001729f3d00 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077038e24 7 bytes JMP 00000001729f37c0 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077038ea9 5 bytes JMP 00000001729f3870 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770391ff 5 bytes JMP 00000001729f37d0 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773a1d29 5 bytes JMP 00000001729f3780 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773a1dd7 5 bytes JMP 00000001729f3740 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 00000001729f3880 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773a2d17 5 bytes JMP 00000001729f3560 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007582e96b 5 bytes JMP 00000001729f2d70 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007582eba5 5 bytes JMP 00000001729f2d80 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000772a8a29 5 bytes JMP 00000001729f2c50 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000772b4572 5 bytes JMP 00000001729f34e0 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000772ce567 5 bytes JMP 00000001729f3550 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772f07d7 5 bytes JMP 00000001729f2a60 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077307a5c 5 bytes JMP 00000001729f34d0 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec5ea5 5 bytes JMP 00000001729f2c10 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ef9d0b 5 bytes JMP 00000001729f2ba0 .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076c61465 2 bytes [C6, 76] .text D:\Gry\Steam\Steam.exe[3468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076c614bb 2 bytes [C6, 76] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3792] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f91f0e 7 bytes JMP 00000001729f3d10 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f95bad 7 bytes JMP 00000001729f46b0 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fa1409 7 bytes JMP 00000001729f4050 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076faea45 7 bytes JMP 00000001729f3d00 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077038e24 7 bytes JMP 00000001729f37c0 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077038ea9 5 bytes JMP 00000001729f3870 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770391ff 5 bytes JMP 00000001729f37d0 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773a1d29 5 bytes JMP 00000001729f3780 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773a1dd7 5 bytes JMP 00000001729f3740 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 00000001729f3880 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773a2d17 5 bytes JMP 00000001729f3560 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000772a8a29 5 bytes JMP 00000001729f2c50 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000772b4572 5 bytes JMP 00000001729f34e0 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000772ce567 5 bytes JMP 00000001729f3550 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772f07d7 5 bytes JMP 00000001729f2a60 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077307a5c 5 bytes JMP 00000001729f34d0 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007582e96b 5 bytes JMP 00000001729f2d70 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007582eba5 5 bytes JMP 00000001729f2d80 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c61465 2 bytes [C6, 76] .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c614bb 2 bytes [C6, 76] .text ... * 2 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec5ea5 5 bytes JMP 00000001729f2c10 .text D:\Gry\Steam\bin\steamwebhelper.exe[3816] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ef9d0b 5 bytes JMP 00000001729f2ba0 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Windows\system32\igfxEM.exe[4016] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Windows\system32\igfxHK.exe[4024] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f91f0e 7 bytes JMP 00000001729f3d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f95bad 7 bytes JMP 00000001729f46b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fa1409 7 bytes JMP 00000001729f4050 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076faea45 7 bytes JMP 00000001729f3d00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077038e24 7 bytes JMP 00000001729f37c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077038ea9 5 bytes JMP 00000001729f3870 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770391ff 5 bytes JMP 00000001729f37d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773a1d29 5 bytes JMP 00000001729f3780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773a1dd7 5 bytes JMP 00000001729f3740 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 00000001729f3880 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773a2d17 5 bytes JMP 00000001729f3560 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007582e96b 5 bytes JMP 00000001729f2d70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007582eba5 5 bytes JMP 00000001729f2d80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000772a8a29 5 bytes JMP 00000001729f2c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000772b4572 5 bytes JMP 00000001729f34e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000772ce567 5 bytes JMP 00000001729f3550 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772f07d7 5 bytes JMP 00000001729f2a60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077307a5c 5 bytes JMP 00000001729f34d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec5ea5 5 bytes JMP 00000001729f2c10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4280] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ef9d0b 5 bytes JMP 00000001729f2ba0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076f91f0e 7 bytes JMP 00000001729f3d10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076f95bad 7 bytes JMP 00000001729f46b0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076fa1409 7 bytes JMP 00000001729f4050 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076faea45 7 bytes JMP 00000001729f3d00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000077038e24 7 bytes JMP 00000001729f37c0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000077038ea9 5 bytes JMP 00000001729f3870 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000770391ff 5 bytes JMP 00000001729f37d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773a1d29 5 bytes JMP 00000001729f3780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773a1dd7 5 bytes JMP 00000001729f3740 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 00000001729f3880 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773a2d17 5 bytes JMP 00000001729f3560 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007582e96b 5 bytes JMP 00000001729f2d70 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007582eba5 5 bytes JMP 00000001729f2d80 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000772a8a29 5 bytes JMP 00000001729f2c50 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000772b4572 5 bytes JMP 00000001729f34e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000772ce567 5 bytes JMP 00000001729f3550 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772f07d7 5 bytes JMP 00000001729f2a60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077307a5c 5 bytes JMP 00000001729f34d0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075ec5ea5 5 bytes JMP 00000001729f2c10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4296] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ef9d0b 5 bytes JMP 00000001729f2ba0 .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c61465 2 bytes [C6, 76] .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c614bb 2 bytes [C6, 76] .text ... * 2 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007758a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077593f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775affb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775bf2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775e9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775f94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000776187e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd6d2db0 5 bytes JMP 000007fffd6c0180 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6d37d0 7 bytes JMP 000007fffd6c00d8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6d8ef0 6 bytes JMP 000007fffd6c0148 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd6eaf60 5 bytes JMP 000007fffd6c0110 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd9c89f0 8 bytes JMP 000007fffd6c01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd9cbe50 8 bytes JMP 000007fffd6c01b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff757490 11 bytes JMP 000007fffd6c0228 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4604] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff76bf00 7 bytes JMP 000007fffd6c0260 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f91f0e 7 bytes JMP 00000001729f3d10 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f95bad 7 bytes JMP 00000001729f46b0 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076fa1409 7 bytes JMP 00000001729f4050 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076faea45 7 bytes JMP 00000001729f3d00 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077038e24 7 bytes JMP 00000001729f37c0 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077038ea9 5 bytes JMP 00000001729f3870 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000770391ff 5 bytes JMP 00000001729f37d0 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000773a1d29 5 bytes JMP 00000001729f3780 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000773a1dd7 5 bytes JMP 00000001729f3740 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000773a2ab1 5 bytes JMP 00000001729f3880 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000773a2d17 5 bytes JMP 00000001729f3560 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007582e96b 5 bytes JMP 00000001729f2d70 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007582eba5 5 bytes JMP 00000001729f2d80 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000772a8a29 5 bytes JMP 00000001729f2c50 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000772b4572 5 bytes JMP 00000001729f34e0 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000772ce567 5 bytes JMP 00000001729f3550 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000772f07d7 5 bytes JMP 00000001729f2a60 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077307a5c 5 bytes JMP 00000001729f34d0 .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c61465 2 bytes [C6, 76] .text C:\Users\Brian\Downloads\iwrk88in.exe[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c614bb 2 bytes [C6, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\689423f06ba2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\689423f06ba2 (not active ControlSet) ---- EOF - GMER 2.1 ----