GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-29 22:19:03 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e SAMSUNG_SSD_830_Series rev.CXM03B1Q 119,24GB Running: l9z3g9wu.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\kxrdikoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff803ae26041c 1 byte [31] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Windows\system32\dwm.exe[1176] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Windows\System32\WUDFHost.exe[1496] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Windows\System32\WUDFHost.exe[1496] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\System32\WUDFHost.exe[1496] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\System32\WUDFHost.exe[1496] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9933b177a 4 bytes [3B, 93, F9, 07] .text C:\Windows\System32\WUDFHost.exe[1496] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9933b1782 4 bytes [3B, 93, F9, 07] .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\system32\MSIMG32.DLL!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\system32\MSIMG32.DLL!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\system32\MSIMG32.DLL!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\BtwRSupportService.exe[2080] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\BtwRSupportService.exe[2080] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\BtwRSupportService.exe[2080] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\System32\svchost.exe[2404] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007f987041b32 4 bytes [04, 87, F9, 07] .text C:\Windows\System32\svchost.exe[2404] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007f987041b3a 4 bytes [04, 87, F9, 07] .text C:\Windows\System32\svchost.exe[2552] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007f987041b32 4 bytes [04, 87, F9, 07] .text C:\Windows\System32\svchost.exe[2552] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007f987041b3a 4 bytes [04, 87, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3224] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\nvvsvc.exe[3232] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\nvvsvc.exe[3232] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\nvvsvc.exe[3232] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\nvvsvc.exe[3232] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9933b177a 4 bytes [3B, 93, F9, 07] .text C:\Windows\system32\nvvsvc.exe[3232] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9933b1782 4 bytes [3B, 93, F9, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[3672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[3672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\system32\wbem\wmiprvse.exe[3672] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[1192] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Windows\system32\taskhostex.exe[3312] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9933b177a 4 bytes [3B, 93, F9, 07] .text C:\Program Files\AuthenTec TrueSuite\TouchControl.exe[3292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9933b1782 4 bytes [3B, 93, F9, 07] .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe[2248] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Windows\system32\wbem\unsecapp.exe[3380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Windows\Explorer.EXE[2908] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Windows\Explorer.EXE[2908] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Windows\Explorer.EXE[2908] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4380] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9933b177a 4 bytes [3B, 93, F9, 07] .text C:\Windows\System32\igfxpers.exe[4896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9933b1782 4 bytes [3B, 93, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f98dfe1532 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f98dfe153a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f98dfe165a 4 bytes [FE, 8D, F9, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4960] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9933b177a 4 bytes [3B, 93, F9, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9933b1782 4 bytes [3B, 93, F9, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5012] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa906402d0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640308 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa90640340 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640298 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640378 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa906403e8 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa906403b0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007f992f72100 5 bytes JMP 000007fa90640228 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3820] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007f992f85d4c 7 bytes JMP 000007fa90640260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f9933b177a 4 bytes [3B, 93, F9, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f9933b1782 4 bytes [3B, 93, F9, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[3624] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Windows\System32\Taskmgr.exe[6164] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f990d1d8f8 7 bytes JMP 000007fa90640260 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f990d2b1a4 7 bytes JMP 000007fa90640298 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f990d2b214 7 bytes JMP 000007fa906402d0 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f990d2b238 8 bytes JMP 000007fa90640228 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f990d2b87c 8 bytes JMP 000007fa90640308 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f9906528a0 7 bytes JMP 000007fa906400d8 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f9906528e8 5 bytes JMP 000007fa90640180 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f99066f590 6 bytes JMP 000007fa90640148 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f99066f8ac 5 bytes JMP 000007fa90640110 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007f992dfc5b0 7 bytes JMP 000007fa90640378 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007f992e07160 5 bytes JMP 000007fa90640340 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f990ad10b0 8 bytes JMP 000007fa906401f0 .text C:\Windows\system32\DllHost.exe[8104] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f990ae11b0 8 bytes JMP 000007fa906401b8 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [788:5868] fffff960008095e8 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:2064] 00000000010b301f Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5796] 0000000066bc40f0 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5944] 0000000066581120 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:2056] 0000000066022b51 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5060] 0000000066022b51 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:6112] 0000000064e29420 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5600] 0000000064bcfe30 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:1456] 0000000064b3b230 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5684] 00000000689b3840 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:4768] 00000000689b34b0 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:6124] 00000000689b3840 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5136] 00000000689b34b0 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:5184] 0000000066022b51 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:784] 00000000649b6eb3 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:492] 00000000649b6eb3 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:440] 0000000064869b80 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:1528] 000000006484cfb0 Thread C:\Windows\SYSTEM32\ntdll.dll [2060:2680] 0000000071fd74e5 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -248696561 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\689423ea0c2f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\689423ea0c2f@18461703202c 0xCA 0x71 0xB1 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\689423ea0c2f@3816d1c4cfb4 0xD5 0x37 0x74 0x4D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 42435 ---- EOF - GMER 2.1 ----