GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-05 00:26:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB
Running: eu0m7ivc.exe; Driver: C:\Users\Damian\AppData\Local\Temp\awrdrpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002db7000 63 bytes [00, 00, 0D, 02, 41, 76, 67, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff80002db7040 59 bytes [30, 05, 49, 08, 80, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000103f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000103f08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cfaf40 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d04a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d22990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2e7490 11 bytes JMP 000007fffbe90228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2fbf00 7 bytes JMP 000007fffbe90260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cfaf40 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d04a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d22990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef76e2460 5 bytes JMP 000007fefbe902d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2152] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef77196b0 6 bytes JMP 000007fefbe90298
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6d5dc88 5 bytes JMP 000007fff6b500d8
.text C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6d5de10 5 bytes JMP 000007fff6b50110
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1eee 7 bytes JMP 0000000171853550
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5b85 7 bytes JMP 00000001718537f0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc13e1 7 bytes JMP 0000000171853650
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea0d 7 bytes JMP 0000000171853540
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588b4 7 bytes JMP 0000000171853310
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58939 5 bytes JMP 00000001718533c0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58c8f 5 bytes JMP 0000000171853320
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000759c1d1b 5 bytes JMP 00000001718532b0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000759c1dc9 5 bytes JMP 0000000171853270
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000759c2aa4 5 bytes JMP 00000001718533d0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000759c2d0a 5 bytes JMP 00000001718530b0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074d98a29 5 bytes JMP 0000000171852c60
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074da4572 5 bytes JMP 0000000171853030
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074dbe567 5 bytes JMP 00000001718530a0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074df7a5c 5 bytes JMP 0000000171853020
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e96b 5 bytes JMP 0000000171852cd0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594eba5 5 bytes JMP 0000000171852ce0
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c35ea5 5 bytes JMP 0000000171852c20
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c69d0b 5 bytes JMP 0000000171852bb0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cfaf40 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d04a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d22990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2e7490 11 bytes JMP 000007fffbe90228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2600] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2fbf00 7 bytes JMP 000007fffbe90260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cfaf40 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d04a60 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d22990 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2e7490 11 bytes JMP 000007fffbe90228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2608] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2fbf00 7 bytes JMP 000007fffbe90260
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1eee 7 bytes JMP 0000000171853550
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5b85 7 bytes JMP 00000001718537f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc13e1 7 bytes JMP 0000000171853650
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea0d 7 bytes JMP 0000000171853540
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588b4 7 bytes JMP 0000000171853310
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58939 5 bytes JMP 00000001718533c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58c8f 5 bytes JMP 0000000171853320
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000759c1d1b 5 bytes JMP 00000001718532b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000759c1dc9 5 bytes JMP 0000000171853270
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000759c2aa4 5 bytes JMP 00000001718533d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000759c2d0a 5 bytes JMP 00000001718530b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074d98a29 5 bytes JMP 0000000171852c60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074da4572 5 bytes JMP 0000000171853030
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074dbe567 5 bytes JMP 00000001718530a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074df7a5c 5 bytes JMP 0000000171853020
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e96b 5 bytes JMP 0000000171852cd0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594eba5 5 bytes JMP 0000000171852ce0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c35ea5 5 bytes JMP 0000000171852c20
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c69d0b 5 bytes JMP 0000000171852bb0
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc2e7490 11 bytes JMP 000007fffbe90228
.text C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe[2844] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc2fbf00 7 bytes JMP 000007fffbe90260
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1eee 7 bytes JMP 0000000171853550
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5b85 7 bytes JMP 00000001718537f0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc13e1 7 bytes JMP 0000000171853650
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea0d 7 bytes JMP 0000000171853540
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588b4 7 bytes JMP 0000000171853310
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58939 5 bytes JMP 00000001718533c0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58c8f 5 bytes JMP 0000000171853320
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000759c1d1b 5 bytes JMP 00000001718532b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000759c1dc9 5 bytes JMP 0000000171853270
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000759c2aa4 5 bytes JMP 00000001718533d0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000759c2d0a 5 bytes JMP 00000001718530b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e96b 5 bytes JMP 0000000171852cd0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594eba5 5 bytes JMP 0000000171852ce0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074d98a29 5 bytes JMP 0000000171852c60
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074da4572 5 bytes JMP 0000000171853030
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074dbe567 5 bytes JMP 00000001718530a0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074df7a5c 5 bytes JMP 0000000171853020
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c35ea5 5 bytes JMP 0000000171852c20
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1616] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c69d0b 5 bytes JMP 0000000171852bb0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1eee 7 bytes JMP 0000000171853550
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5b85 7 bytes JMP 00000001718537f0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc13e1 7 bytes JMP 0000000171853650
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea0d 7 bytes JMP 0000000171853540
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588b4 7 bytes JMP 0000000171853310
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58939 5 bytes JMP 00000001718533c0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58c8f 5 bytes JMP 0000000171853320
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000759c1d1b 5 bytes JMP 00000001718532b0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000759c1dc9 5 bytes JMP 0000000171853270
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000759c2aa4 5 bytes JMP 00000001718533d0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000759c2d0a 5 bytes JMP 00000001718530b0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074d98a29 5 bytes JMP 0000000171852c60
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074da4572 5 bytes JMP 0000000171853030
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074dbe567 5 bytes JMP 00000001718530a0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074df7a5c 5 bytes JMP 0000000171853020
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e96b 5 bytes JMP 0000000171852cd0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594eba5 5 bytes JMP 0000000171852ce0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074c35ea5 5 bytes JMP 0000000171852c20
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074c69d0b 5 bytes JMP 0000000171852bb0
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000750a1465 2 bytes [0A, 75]
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[1624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750a14bb 2 bytes [0A, 75]
.text ... * 2
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4516] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4516] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4516] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4516] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076cfaf40 7 bytes JMP 000000016fff0228
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076d04a60 5 bytes JMP 000000016fff0180
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076d22990 5 bytes JMP 000000016fff01b8
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076d2efe0 5 bytes JMP 000000016fff0110
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076d599b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076d694d0 5 bytes JMP 000000016fff0148
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d8a500 7 bytes JMP 000000016fff01f0
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefbea2db0 5 bytes JMP 000007fffbe90180
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefbea37d0 7 bytes JMP 000007fffbe900d8
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefbea8ef0 6 bytes JMP 000007fffbe90148
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefbebaf60 5 bytes JMP 000007fffbe90110
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdc289e0 8 bytes JMP 000007fffbe901f0
.text C:\Windows\notepad.exe[2336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdc2be40 8 bytes JMP 000007fffbe901b8
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075db1eee 7 bytes JMP 0000000171853550
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075db5b85 7 bytes JMP 00000001718537f0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075dc13e1 7 bytes JMP 0000000171853650
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075dcea0d 7 bytes JMP 0000000171853540
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075e588b4 7 bytes JMP 0000000171853310
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075e58939 5 bytes JMP 00000001718533c0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075e58c8f 5 bytes JMP 0000000171853320
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000759c1d1b 5 bytes JMP 00000001718532b0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000759c1dc9 5 bytes JMP 0000000171853270
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000759c2aa4 5 bytes JMP 00000001718533d0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000759c2d0a 5 bytes JMP 00000001718530b0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007594e96b 5 bytes JMP 0000000171852cd0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007594eba5 5 bytes JMP 0000000171852ce0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074d98a29 5 bytes JMP 0000000171852c60
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074da4572 5 bytes JMP 0000000171853030
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074dbe567 5 bytes JMP 00000001718530a0
.text C:\Users\Damian\Downloads\eu0m7ivc.exe[4200] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074df7a5c 5 bytes JMP 0000000171853020

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\winlogon.exe[556] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefa772840] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\winlogon.exe[556] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefa772720] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\winlogon.exe[556] @ C:\Windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefa772840] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\winlogon.exe[556] @ C:\Windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefa772720] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\svchost.exe[1328] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefa772840] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\svchost.exe[1328] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefa772720] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\svchost.exe[1328] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefa772840] c:\windows\system32\uxtuneup.dll
IAT C:\Windows\system32\svchost.exe[1328] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefa772720] c:\windows\system32\uxtuneup.dll

---- EOF - GMER 2.1 ----