GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-04 08:45:58 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: mgzh9b89.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\pxlcypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Windows\system32\taskhostex.exe[9220] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Windows\system32\igfxEM.exe[2240] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Windows\system32\wuauclt.exe[1564] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Windows\system32\igfxHK.exe[3156] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[9044] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6212] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[9880] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[6952] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[8024] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00007ffa96143e10 7 bytes JMP 00007ffa95380260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00007ffa96143e20 7 bytes JMP 00007ffa95380298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00007ffa961f39b0 7 bytes JMP 00007ffa95380340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00007ffa961f3ef0 7 bytes JMP 00007ffa953802d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00007ffa961f3fe0 7 bytes JMP 00007ffa95380308 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffa962206c0 7 bytes JMP 00007ffa953801f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffa96220730 7 bytes JMP 00007ffa95380228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffa953921d0 5 bytes JMP 00007ffa95380180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa953929d0 7 bytes JMP 00007ffa953800d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa95394310 5 bytes JMP 00007ffa95380110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa95398c40 5 bytes JMP 00007ffa95380148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffa9540ebc0 1 byte JMP 00007ffa953801b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffa9540ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffa95d29920 10 bytes JMP 00007ffa95380420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffa95d34430 5 bytes JMP 00007ffa953803e8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa95d344f0 1 byte JMP 00007ffa95380378 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa95d344f2 7 bytes {JMP 0xffffffffff64be88} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffa95d43b80 5 bytes JMP 00007ffa953803b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffa95d45cd0 5 bytes JMP 00007ffa95380458 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffa9636d050 7 bytes JMP 00007ffa95380500 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffa9639b160 5 bytes JMP 00007ffa95380538 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa95611500 1 byte JMP 00007ffa95380490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffa95611502 6 bytes {JMP 0xffffffffffd6ef90} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1816] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa95611750 8 bytes JMP 00007ffa953804c8 ---- Devices - GMER 2.2 ---- Device \Driver\iaStorA \Device\RaidPort0 ffffe0004b00d2c0 Device \Driver\cdrom \Device\CdRom0 ffffe0004a2af2c0 Device \Driver\USBSTOR \Device\000000a4 ffffe0004df342c0 Device \Driver\iaStorA \Device\00000032 ffffe0004b00d2c0 Device \Driver\iaStorA \Device\00000033 ffffe0004b00d2c0 Device \Driver\iaStorA \Device\ScsiPort0 ffffe0004b00d2c0 Device \Driver\USBSTOR \Device\000000a3 ffffe0004df342c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xffffe0004b00d2c0]<< sptd.sys storport.sys hal.dll iaStorA.sys ffffe0004b00d2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0004c777480] ffffe0004c777480 Trace 3 CLASSPNP.SYS[fffff800a1490f40] -> nt!IofCallDriver -> \Device\00000032[0xffffe0004aebc060] ffffe0004aebc060 Trace \Driver\iaStorA[0xffffe0004adc3740] -> IRP_MJ_CREATE -> 0xffffe0004b00d2c0 ffffe0004b00d2c0 ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [6116:5260] fffff960008422d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1866349752 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 7509 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\E0DC4F87C546594C8B253159C12C6B86 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\E0DC4F87C546594C8B253159C12C6B86@p0 C:\Program Files\DAEMON Tools Ultra\ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Hidden 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0xDC 0xE1 0x6E 0x35 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastWatsonCabUploaded 0x9D 0xD2 0xB1 0x0E ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_2152759308_af5bd15a9cb7ab14ea2a8824199c5dc72a08e6a_00000000_cab_2d4d02c9 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0x68 0x03 0x0B 0x00 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CloseDialog 0xAA 0x02 0x0A 0x00 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CollectingDataDialog 0xA2 0x03 0x29 0x00 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----