GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-03 01:12:53 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000DX001-1NS162 rev.CC41 931,51GB Running: i4ze8xq4.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\pwldapob.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000243400 15 bytes [C0, 37, EE, 01, 40, A7, 69, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000243410 11 bytes [00, 14, FC, FF, 00, 84, D5, ...] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, 27, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, 27, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, 27, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, 27, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, 27, 7F, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5956] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, C0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, C0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, C0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, C0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, C0, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[6108] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, 1B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, 1B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, 1B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, 1B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, 1B, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5248] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, 67, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, 67, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, 67, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, 67, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, 67, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1784] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMHID4.exe[5028] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SteelSeries\World of Warcraft(R) MMO Gaming Mouse Legendary Edition\WoWMTray4.exe[32] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\V0700Mon.exe[2796] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, AD, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, AD, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, AD, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, AD, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, AD, 7E, 00, 00, 00, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5656] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1548] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffed00ddeb1 11 bytes {MOV EAX, 0x1fe0110; ADD [RAX], AL; ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1548] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00007ffed0130f70 5 bytes JMP 00007ffec972538b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffed00ddeb1 11 bytes {MOV EAX, 0x1fe06c0; ADD [RAX], AL; ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6776] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00007ffed0130f70 5 bytes JMP 00007ffec972538b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2988] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffed00ddeb1 11 bytes {MOV EAX, 0x1fe0250; ADD [RAX], AL; ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2988] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00007ffed0130f70 5 bytes JMP 00007ffec972538b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffed00ddeb1 11 bytes {MOV EAX, 0x1fe0350; ADD [RAX], AL; ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00007ffed0130f70 5 bytes JMP 00007ffec972538b .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ffed0b44ba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ffed0b44fcc 8 bytes [A0, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ffed0b452a6 8 bytes [90, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ffed0b4549f 8 bytes {JMP 0xffffffffffffffee} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ffed0b4583f 8 bytes [70, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 997 00007ffed0b45895 8 bytes [60, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ffed0b45a44 8 bytes [50, 6B, F8, 7F, 00, 00, 00, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ffed0b45fe1 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffed0bc0780 8 bytes {JMP QWORD [RIP-0x7af47]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffed0bc0900 8 bytes {JMP QWORD [RIP-0x7b071]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffed0bc0930 8 bytes {JMP QWORD [RIP-0x7b96a]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffed0bc0a50 8 bytes {JMP QWORD [RIP-0x7b5b7]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffed0bc0b00 8 bytes {JMP QWORD [RIP-0x7b860]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffed0bc11c0 8 bytes {JMP QWORD [RIP-0x7b1e5]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffed0bc14c0 8 bytes {JMP QWORD [RIP-0x7b77e]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffed0bc1d40 8 bytes {JMP QWORD [RIP-0x7c302]} .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 438 0000000076ee13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000076ee1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000076ee1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000076ee1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 0000000076ee16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 0000000076ee16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Marcin\Downloads\i4ze8xq4.exe[7852] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000076ee1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffece37002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7340] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffece37002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7804] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffece37002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3852] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffece37002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2564] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffece37002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6644] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffece37002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffece37006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffed025002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffeaadf3294] C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7140] @ C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [7ffed074002c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [7112:3368] fffff960009572d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1979880254 Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@CheckVersion 392 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File9 C:\Users\Marcin\Desktop\fa.JPG Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count 275 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count 275 ---- EOF - GMER 2.2 ----