GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-11-16 22:12:18 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EXT0 111,79GB Running: 4pimjuun.exe; Driver: C:\Users\E531\AppData\Local\Temp\kwloapod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000073581825 2 bytes JMP 76e96125 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000073581830 2 bytes JMP 76e96145 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000007358183b 2 bytes JMP 76e96165 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000073581846 2 bytes JMP 76e95a05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000073581851 2 bytes JMP 76e96185 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000007358185c 2 bytes JMP 76e96265 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000073581867 2 bytes JMP 76e96285 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000073581872 2 bytes JMP 76e962a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000007358187d 2 bytes JMP 76e962c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000073581888 2 bytes JMP 76e95a25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000073581893 2 bytes JMP 76e962e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000007358189e 2 bytes JMP 76e95aa5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 00000000735818a9 2 bytes JMP 76e96305 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 00000000735818b4 2 bytes JMP 76e96325 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 00000000735818bf 2 bytes JMP 76e61fcb C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 00000000735818ca 2 bytes JMP 76e96365 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 00000000735818d5 2 bytes JMP 76e95ac5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 00000000735818e0 2 bytes JMP 76e95b45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 00000000735818eb 2 bytes JMP 76e95b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 00000000735818f6 2 bytes JMP 76e968c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000073581901 2 bytes JMP 76e95a85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000007358190c 2 bytes JMP 76e968e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000073581917 2 bytes JMP 76e96925 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000073581922 2 bytes JMP 76e95ae5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000007358192d 2 bytes JMP 76e96945 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000073581938 2 bytes JMP 76e96965 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000073581943 2 bytes JMP 76e96985 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000007358194e 2 bytes JMP 76e969a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000073581959 2 bytes JMP 76e969c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000073581964 2 bytes JMP 76e969e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000007358196f 2 bytes JMP 76e96a05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000007358197a 2 bytes JMP 76e96a25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000073581985 2 bytes JMP 76e96a45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000073581990 2 bytes JMP 76e96a65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000007358199b 2 bytes JMP 76e96a85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 00000000735819a6 2 bytes JMP 76e96aa5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 00000000735819b1 2 bytes JMP 76e96ac5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 00000000735819bc 2 bytes JMP 76e96ae5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 00000000735819c7 2 bytes JMP 76e96b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 00000000735819d2 2 bytes JMP 76e96b25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 00000000735819dd 2 bytes JMP 76e95b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 00000000735819e8 2 bytes JMP 76e96b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 00000000735819f3 2 bytes JMP 76e96b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 00000000735819fe 2 bytes JMP 76e96bc3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000073581a09 2 bytes JMP 76e96be3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000073581a14 2 bytes JMP 76e96c03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000073581a1f 2 bytes JMP 76e95b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000073581a2a 2 bytes JMP 76e96c23 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000073581a35 2 bytes JMP 76e96c43 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000073581a40 2 bytes JMP 76e96c63 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000073581a4b 2 bytes JMP 76e96c83 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000073581a56 2 bytes JMP 76e96ca3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000073581a61 2 bytes JMP 76e96cc3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000073581a6c 2 bytes JMP 76e95ba5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000073581a77 2 bytes JMP 76e96ce3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000073581a82 2 bytes JMP 76e96d03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2180] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000073581ab2 2 bytes JMP 76dbdc75 C:\Windows\syswow64\msvcrt.dll .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcf92db0 5 bytes JMP 000007fffcf80180 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcf937d0 7 bytes JMP 000007fffcf800d8 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcf98ef0 6 bytes JMP 000007fffcf80148 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcfaaf60 5 bytes JMP 000007fffcf80110 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefee889f0 8 bytes JMP 000007fffcf801f0 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefee8be50 8 bytes JMP 000007fffcf801b8 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef3f6dc88 5 bytes JMP 000007fff3d600d8 .text C:\Windows\system32\Dwm.exe[2748] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef3f6de10 5 bytes JMP 000007fff3d60110 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes JMP 76cab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes JMP 76cab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes JMP 76d28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes CALL 76c848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes JMP 76d287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes JMP 76d28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes JMP 76d28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes JMP 76d28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes JMP 76c9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes JMP 76ca68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes JMP 76d28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes JMP 76d28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes JMP 76d2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes JMP 76c9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes JMP 76cab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes JMP 76d28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes JMP 76d285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000730c11a8 2 bytes [0C, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000730c127d 2 bytes CALL 76c814b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000730c1310 2 bytes CALL 76c814b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000730c13a8 2 bytes [0C, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000730c1422 2 bytes [0C, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000730c1498 2 bytes [0C, 73] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000073581825 2 bytes JMP 76e96125 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000073581830 2 bytes JMP 76e96145 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000007358183b 2 bytes JMP 76e96165 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000073581846 2 bytes JMP 76e95a05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000073581851 2 bytes JMP 76e96185 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000007358185c 2 bytes JMP 76e96265 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000073581867 2 bytes JMP 76e96285 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000073581872 2 bytes JMP 76e962a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000007358187d 2 bytes JMP 76e962c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000073581888 2 bytes JMP 76e95a25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000073581893 2 bytes JMP 76e962e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000007358189e 2 bytes JMP 76e95aa5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 00000000735818a9 2 bytes JMP 76e96305 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 00000000735818b4 2 bytes JMP 76e96325 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 00000000735818bf 2 bytes JMP 76e61fcb C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 00000000735818ca 2 bytes JMP 76e96365 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 00000000735818d5 2 bytes JMP 76e95ac5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 00000000735818e0 2 bytes JMP 76e95b45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 00000000735818eb 2 bytes JMP 76e95b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 00000000735818f6 2 bytes JMP 76e968c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000073581901 2 bytes JMP 76e95a85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000007358190c 2 bytes JMP 76e968e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000073581917 2 bytes JMP 76e96925 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000073581922 2 bytes JMP 76e95ae5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000007358192d 2 bytes JMP 76e96945 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000073581938 2 bytes JMP 76e96965 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000073581943 2 bytes JMP 76e96985 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000007358194e 2 bytes JMP 76e969a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000073581959 2 bytes JMP 76e969c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000073581964 2 bytes JMP 76e969e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000007358196f 2 bytes JMP 76e96a05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000007358197a 2 bytes JMP 76e96a25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000073581985 2 bytes JMP 76e96a45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000073581990 2 bytes JMP 76e96a65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000007358199b 2 bytes JMP 76e96a85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 00000000735819a6 2 bytes JMP 76e96aa5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 00000000735819b1 2 bytes JMP 76e96ac5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 00000000735819bc 2 bytes JMP 76e96ae5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 00000000735819c7 2 bytes JMP 76e96b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 00000000735819d2 2 bytes JMP 76e96b25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 00000000735819dd 2 bytes JMP 76e95b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 00000000735819e8 2 bytes JMP 76e96b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 00000000735819f3 2 bytes JMP 76e96b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 00000000735819fe 2 bytes JMP 76e96bc3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000073581a09 2 bytes JMP 76e96be3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000073581a14 2 bytes JMP 76e96c03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000073581a1f 2 bytes JMP 76e95b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000073581a2a 2 bytes JMP 76e96c23 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000073581a35 2 bytes JMP 76e96c43 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000073581a40 2 bytes JMP 76e96c63 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000073581a4b 2 bytes JMP 76e96c83 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000073581a56 2 bytes JMP 76e96ca3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000073581a61 2 bytes JMP 76e96cc3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000073581a6c 2 bytes JMP 76e95ba5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000073581a77 2 bytes JMP 76e96ce3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000073581a82 2 bytes JMP 76e96d03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[4228] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000073581ab2 2 bytes JMP 76dbdc75 C:\Windows\syswow64\msvcrt.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075f31401 2 bytes JMP 76cab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075f31419 2 bytes JMP 76cab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075f31431 2 bytes JMP 76d28ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075f3144a 2 bytes CALL 76c848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075f314dd 2 bytes JMP 76d287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075f314f5 2 bytes JMP 76d28978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075f3150d 2 bytes JMP 76d28698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075f31525 2 bytes JMP 76d28a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075f3153d 2 bytes JMP 76c9fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075f31555 2 bytes JMP 76ca68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075f3156d 2 bytes JMP 76d28f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075f31585 2 bytes JMP 76d28ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075f3159d 2 bytes JMP 76d2865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075f315b5 2 bytes JMP 76c9fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075f315cd 2 bytes JMP 76cab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075f316b2 2 bytes JMP 76d28e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075f316bd 2 bytes JMP 76d285f1 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2d12026 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2d12026@402ba1fc6c1c 0xC7 0xE4 0x97 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\services\pla\Configuration@RPCEndPoint {B2993CA7-968E-42C2-AAF9-B06B89B76FB1} Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2d12026 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2d12026@402ba1fc6c1c 0xC7 0xE4 0x97 0x99 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----