GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-14 10:02:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: 7qtsfwvh.exe; Driver: C:\Users\Adam\AppData\Local\Temp\aftcqaow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ded000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ded02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6a7490 11 bytes JMP 000007fffd350228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6bbf00 7 bytes JMP 000007fffd350260 .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1400] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075368791 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076d01465 2 bytes [D0, 76] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076d014bb 2 bytes [D0, 76] .text ... * 2 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1620] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1620] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1620] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1620] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075361f0e 7 bytes JMP 0000000174d03df0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075365bad 7 bytes JMP 0000000174d04100 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075371409 7 bytes JMP 0000000174d03f30 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007537ea45 7 bytes JMP 0000000174d03de0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075408e24 7 bytes JMP 0000000174d03b50 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075408ea9 5 bytes JMP 0000000174d03c00 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000754091ff 5 bytes JMP 0000000174d03b60 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077101d29 5 bytes JMP 0000000174d03ae0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077101dd7 5 bytes JMP 0000000174d03a90 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077102ab1 5 bytes JMP 0000000174d03c10 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077102d17 5 bytes JMP 0000000174d03870 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007548e96b 5 bytes JMP 0000000174d033c0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007548eba5 5 bytes JMP 0000000174d033d0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076288a29 5 bytes JMP 0000000174d03350 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076294572 5 bytes JMP 0000000174d037f0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762ae567 5 bytes JMP 0000000174d03860 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762d07d7 5 bytes JMP 0000000174d03280 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762e7a5c 5 bytes JMP 0000000174d037e0 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769d5ea5 5 bytes JMP 0000000174d03300 .text C:\Program Files\Tablet\Wacom\WacomHost.exe[1628] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a09d0b 5 bytes JMP 0000000174d03290 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef97ddc88 5 bytes JMP 000007fff97b00d8 .text C:\Windows\system32\Dwm.exe[1856] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef97dde10 5 bytes JMP 000007fff97b0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6a7490 11 bytes JMP 000007fffd350228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6bbf00 7 bytes JMP 000007fffd350260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef83f2460 5 bytes JMP 000007fefd3502d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2224] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef84296b0 6 bytes JMP 000007fefd350298 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075361f0e 7 bytes JMP 0000000174d03df0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075365bad 7 bytes JMP 0000000174d04100 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075371409 7 bytes JMP 0000000174d03f30 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007537ea45 7 bytes JMP 0000000174d03de0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075408e24 7 bytes JMP 0000000174d03b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075408ea9 5 bytes JMP 0000000174d03c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000754091ff 5 bytes JMP 0000000174d03b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077101d29 5 bytes JMP 0000000174d03ae0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077101dd7 5 bytes JMP 0000000174d03a90 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077102ab1 5 bytes JMP 0000000174d03c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077102d17 5 bytes JMP 0000000174d03870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076288a29 5 bytes JMP 0000000174d03350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076294572 5 bytes JMP 0000000174d037f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762ae567 5 bytes JMP 0000000174d03860 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762d07d7 5 bytes JMP 0000000174d03280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762e7a5c 5 bytes JMP 0000000174d037e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007548e96b 5 bytes JMP 0000000174d033c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007548eba5 5 bytes JMP 0000000174d033d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000769d5ea5 5 bytes JMP 0000000174d03300 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2708] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a09d0b 5 bytes JMP 0000000174d03290 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6a7490 11 bytes JMP 000007fffd350228 .text D:\TuneUpUtilitiesApp64.exe[2764] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6bbf00 7 bytes JMP 000007fffd350260 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd290180 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd2900d8 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd290148 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd290110 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\ole32.DLL!CoCreateInstance 000007fefd6a7490 11 bytes JMP 000007fffd290228 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\ole32.DLL!CoSetProxyBlanket 000007fefd6bbf00 7 bytes JMP 000007fffd290260 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd2901f0 .text C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd2901b8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[2976] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6a7490 11 bytes JMP 000007fffd350228 .text C:\Windows\System32\igfxpers.exe[3056] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6bbf00 7 bytes JMP 000007fffd350260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2612] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007724a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077253f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007726ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007727f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000772a9a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772b94c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772d87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd362db0 5 bytes JMP 000007fffd350180 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3637d0 7 bytes JMP 000007fffd3500d8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd368ef0 6 bytes JMP 000007fffd350148 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd37af60 5 bytes JMP 000007fffd350110 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefefe89e0 8 bytes JMP 000007fffd3501f0 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefefebe40 8 bytes JMP 000007fffd3501b8 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd6a7490 11 bytes JMP 000007fffd350228 .text C:\Program Files\ESET\ESET Smart Security\egui.exe[2576] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd6bbf00 7 bytes JMP 000007fffd350260 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075361f0e 7 bytes JMP 0000000174d03df0 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075365bad 7 bytes JMP 0000000174d04100 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075371409 7 bytes JMP 0000000174d03f30 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007537ea45 7 bytes JMP 0000000174d03de0 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075408e24 7 bytes JMP 0000000174d03b50 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075408ea9 5 bytes JMP 0000000174d03c00 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000754091ff 5 bytes JMP 0000000174d03b60 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077101d29 5 bytes JMP 0000000174d03ae0 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077101dd7 5 bytes JMP 0000000174d03a90 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077102ab1 5 bytes JMP 0000000174d03c10 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077102d17 5 bytes JMP 0000000174d03870 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007548e96b 5 bytes JMP 0000000174d033c0 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007548eba5 5 bytes JMP 0000000174d033d0 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076288a29 5 bytes JMP 0000000174d03350 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076294572 5 bytes JMP 0000000174d037f0 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000762ae567 5 bytes JMP 0000000174d03860 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000762d07d7 5 bytes JMP 0000000174d03280 .text C:\Users\Adam\Downloads\7qtsfwvh.exe[5116] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000762e7a5c 5 bytes JMP 0000000174d037e0 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2164:3928] 000007feef2f9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\20689d9db92e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\20689d9db92e (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Adam\AppData\Local\Temp\others 3 bytes ---- EOF - GMER 2.1 ----