GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-05 22:58:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LM0 rev.2AR1 698,64GB Running: z8vsb05t.exe; Driver: C:\Users\Iwonka\AppData\Local\Temp\kwriapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077018781 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1936] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4300b8 .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffc51f8} .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd430038 .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd430138 .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4302b8 .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd430238 .text C:\Windows\system32\taskhost.exe[2992] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4301b8 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2624] entry point in ".rdata" section 00000000704d71e6 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4502b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd450238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3844] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4501b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4502b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd450238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4501b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4502b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd450238 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4501b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Windows\system32\taskeng.exe[5012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Windows\system32\taskeng.exe[5012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\taskeng.exe[5012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Windows\system32\taskeng.exe[5012] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4108] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000770148cb 5 bytes JMP 0000000100492710 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4108] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000770148e3 5 bytes JMP 00000001004927f0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[4108] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077014915 5 bytes JMP 0000000100492780 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[4376] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4424] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000770148cb 5 bytes JMP 0000000100212710 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4424] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000770148e3 5 bytes JMP 00000001002127f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4424] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077014915 5 bytes JMP 0000000100212780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4424] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075cf9d0b 5 bytes JMP 0000000100212850 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5024] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000770148cb 5 bytes JMP 00000001002b2710 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5024] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000770148e3 5 bytes JMP 00000001002b27f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5024] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000077014915 5 bytes JMP 00000001002b2780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075cf9d0b 5 bytes JMP 00000001002b2850 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000770148cb 5 bytes JMP 00000001002b2710 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000770148e3 5 bytes JMP 00000001002b27f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077014915 5 bytes JMP 00000001002b2780 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075cf9d0b 5 bytes JMP 00000001002b2850 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000770148cb 5 bytes JMP 0000000100942710 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000770148e3 5 bytes JMP 00000001009427f0 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000077014915 5 bytes JMP 0000000100942780 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075cf9d0b 5 bytes JMP 0000000100942850 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000770148cb 5 bytes JMP 0000000100522710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000770148e3 5 bytes JMP 00000001005227f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077014915 5 bytes JMP 0000000100522780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4984] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075cf9d0b 5 bytes JMP 0000000100522850 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4502b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd450238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007feed986944 5 bytes JMP 000007fefd4503b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4976] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007feed9a5a84 5 bytes JMP 000007fefd450338 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5072] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5072] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Windows\system32\igfxtray.exe[4952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Windows\system32\igfxtray.exe[4952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\igfxtray.exe[4952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Windows\system32\igfxtray.exe[4952] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Windows\system32\hkcmd.exe[4292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Windows\system32\hkcmd.exe[4292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\hkcmd.exe[4292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Windows\system32\hkcmd.exe[4292] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Windows\system32\igfxpers.exe[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Windows\system32\igfxpers.exe[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\igfxpers.exe[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Windows\system32\igfxpers.exe[3972] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4864] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4864] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4502b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd450238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2088] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4501b8 .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077731401 2 bytes JMP 7703b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077731419 2 bytes JMP 7703b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077731431 2 bytes JMP 770b8f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007773144a 2 bytes CALL 7701489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000777314dd 2 bytes JMP 770b8822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000777314f5 2 bytes JMP 770b89f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007773150d 2 bytes JMP 770b8718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077731525 2 bytes JMP 770b8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007773153d 2 bytes JMP 7702fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077731555 2 bytes JMP 770368ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007773156d 2 bytes JMP 770b8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077731585 2 bytes JMP 770b8b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007773159d 2 bytes JMP 770b86dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000777315b5 2 bytes JMP 7702fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000777315cd 2 bytes JMP 7703b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000777316b2 2 bytes JMP 770b8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000777316bd 2 bytes JMP 770b8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077476420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd46aec0 1 byte JMP 000007fffd4500b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd46aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd46ca30 5 bytes JMP 000007fffd450038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff4774a0 5 bytes JMP 000007fffd450138 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa43a38c 5 bytes JMP 000007fefd4502b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa454b60 5 bytes JMP 000007fefd450238 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[5308] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa454ba0 5 bytes JMP 000007fefd4501b8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{6DB0EBB5-AA8E-4ABC-B952-8D8FBE52A43D}\Connection@Name isatap.{CE1A90C6-F43E-41A7-9EC4-1E15E272E653} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{F0C7D781-D180-4178-B1EF-27DD749EE79C}?\Device\{6DB0EBB5-AA8E-4ABC-B952-8D8FBE52A43D}?\Device\{6398DF44-6D8B-427E-B759-72647A959734}?\Device\{21B6101E-3AAA-43DA-B87F-F851D37BAB9A}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{F0C7D781-D180-4178-B1EF-27DD749EE79C}"?"{6DB0EBB5-AA8E-4ABC-B952-8D8FBE52A43D}"?"{6398DF44-6D8B-427E-B759-72647A959734}"?"{21B6101E-3AAA-43DA-B87F-F851D37BAB9A}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{F0C7D781-D180-4178-B1EF-27DD749EE79C}?\Device\TCPIP6TUNNEL_{6DB0EBB5-AA8E-4ABC-B952-8D8FBE52A43D}?\Device\TCPIP6TUNNEL_{6398DF44-6D8B-427E-B759-72647A959734}?\Device\TCPIP6TUNNEL_{21B6101E-3AAA-43DA-B87F-F851D37BAB9A}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9d833c4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6DB0EBB5-AA8E-4ABC-B952-8D8FBE52A43D}@InterfaceName isatap.{CE1A90C6-F43E-41A7-9EC4-1E15E272E653} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{6DB0EBB5-AA8E-4ABC-B952-8D8FBE52A43D}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9d833c4 (not active ControlSet) ---- EOF - GMER 2.1 ----