GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-11 00:25:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 PLEXTOR_PX-128M5S rev.1.05 119,24GB Running: fdpzj8bt.exe; Driver: C:\Users\Lukasz\AppData\Local\Temp\ugrdapoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1608] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000774e8769 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1608] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a81465 2 bytes [A8, 75] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1608] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a814bb 2 bytes [A8, 75] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcd0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcd00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcd0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcd0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcd01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe487490 11 bytes JMP 000007fffdcd0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2112] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe49bf00 7 bytes JMP 000007fffdcd0260 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcd0180 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcd00d8 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcd0148 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcd0110 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcd01f0 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcd01b8 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef61bdc88 5 bytes JMP 000007fff5fb00d8 .text C:\Windows\system32\Dwm.exe[3028] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef61bde10 5 bytes JMP 000007fff5fb0110 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcd0180 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcd00d8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcd0148 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcd0110 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcd01f0 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcd01b8 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe487490 11 bytes JMP 000007fffdcd0228 .text C:\Windows\System32\igfxpers.exe[2696] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe49bf00 7 bytes JMP 000007fffdcd0260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076155ea5 5 bytes JMP 000000016df715fa .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2632] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076189d0b 5 bytes JMP 000000016df7121c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076155ea5 5 bytes JMP 000000016df715fa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2536] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076189d0b 5 bytes JMP 000000016df7121c .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcd0180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcd00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcd0148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcd0110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcd01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcd01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcd0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcd00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcd0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcd0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcd01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcd01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe487490 11 bytes JMP 000007fffdcd0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[3148] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe49bf00 7 bytes JMP 000007fffdcd0260 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076155ea5 5 bytes JMP 000000016df715fa .text C:\Users\Lukasz\AppData\Local\FluxSoftware\Flux\flux.exe[3180] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076189d0b 5 bytes JMP 000000016df7121c .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdc10180 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdc100d8 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdc10148 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdc10110 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdc101f0 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdc101b8 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe487490 11 bytes JMP 000007fffdc10228 .text C:\Program Files\K2T\WTW\wtw.exe[3228] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe49bf00 7 bytes JMP 000007fffdc10260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076155ea5 5 bytes JMP 000000016df715fa .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076189d0b 5 bytes JMP 000000016df7121c .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcd0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcd00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcd0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcd0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcd01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcd01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fefa852460 5 bytes JMP 000007fefdcd02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5096] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fefa8896b0 6 bytes JMP 000007fefdcd0298 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076155ea5 5 bytes JMP 000000016df715fa .text C:\Users\Lukasz\Downloads\putty.exe[5400] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076189d0b 5 bytes JMP 000000016df7121c .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000075a81465 2 bytes [A8, 75] .text C:\Users\Lukasz\Downloads\OTL.exe[2164] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000075a814bb 2 bytes [A8, 75] .text ... * 2 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007795af40 7 bytes JMP 000000016fff0260 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077964a60 5 bytes JMP 000000016fff01b8 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077982990 5 bytes JMP 000000016fff01f0 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007798efe0 5 bytes JMP 000000016fff0148 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000779b99b0 7 bytes JMP 000000016fff00d8 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000779c94d0 5 bytes JMP 000000016fff0180 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000779c9640 5 bytes JMP 000000016fff0110 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000779ea500 7 bytes JMP 000000016fff0228 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdce2db0 5 bytes JMP 000007fffdcc0180 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdce37d0 7 bytes JMP 000007fffdcc00d8 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdce8ef0 6 bytes JMP 000007fffdcc0148 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcfaf60 5 bytes JMP 000007fffdcc0110 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe6789e0 8 bytes JMP 000007fffdcc01f0 .text C:\Users\Lukasz\Downloads\FRST64.exe[5852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe67be40 8 bytes JMP 000007fffdcc01b8 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000774e1eee 7 bytes JMP 000000016df71695 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000774e5b85 7 bytes JMP 000000016df711a9 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000774f13e1 7 bytes JMP 000000016df7128a .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000774fea0d 7 bytes JMP 000000016df71244 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007750b1d3 5 bytes JMP 000000016df715aa .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000775888b4 7 bytes JMP 000000016df71339 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077588939 5 bytes JMP 000000016df716d6 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077588c8f 5 bytes JMP 000000016df7170d .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d1b 5 bytes JMP 000000016df711c2 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075b31dc9 5 bytes JMP 000000016df71014 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32aa4 5 bytes JMP 000000016df71555 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d0a 5 bytes JMP 000000016df71271 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000758fe96b 5 bytes JMP 000000016df715c3 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000758feba5 5 bytes JMP 000000016df71186 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077658a29 5 bytes JMP 000000016df71726 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000077664572 5 bytes JMP 000000016df710a0 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007767e567 5 bytes JMP 000000016df71415 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000776b7a5c 3 bytes JMP 000000016df715d2 .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo + 4 00000000776b7a60 1 byte [F6] .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076155ea5 5 bytes JMP 000000016df715fa .text C:\Users\Lukasz\Downloads\fdpzj8bt.exe[5888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076189d0b 5 bytes JMP 000000016df7121c ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4624:4764] 000007fefa632a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4624:5124] 000007fefaa55124 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0143dccc340 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0143dccc340@9c029872d173 0x30 0x5A 0x60 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0143dccc340 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0143dccc340@9c029872d173 0x30 0x5A 0x60 0xDC ... ---- EOF - GMER 2.1 ----