GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-02 01:17:56 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LM0 rev.2AR1 698,64GB Running: z8vsb05t.exe; Driver: C:\Users\Iwonka\AppData\Local\Temp\kwriapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077148781 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076a81401 2 bytes JMP 7716b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076a81419 2 bytes JMP 7716b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076a81431 2 bytes JMP 771e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076a8144a 2 bytes CALL 7714489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076a814dd 2 bytes JMP 771e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076a814f5 2 bytes JMP 771e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076a8150d 2 bytes JMP 771e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076a81525 2 bytes JMP 771e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076a8153d 2 bytes JMP 7715fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076a81555 2 bytes JMP 771668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076a8156d 2 bytes JMP 771e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076a81585 2 bytes JMP 771e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076a8159d 2 bytes JMP 771e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076a815b5 2 bytes JMP 7715fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076a815cd 2 bytes JMP 7716b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076a816b2 2 bytes JMP 771e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1600] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076a816bd 2 bytes JMP 771e8671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa1fa38c 5 bytes JMP 000007fefd4202b8 .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa214b60 5 bytes JMP 000007fefd420238 .text C:\Windows\system32\taskhost.exe[2028] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa214ba0 5 bytes JMP 000007fefd4201b8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd2b00b8 .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xffffffffffe751f8} .text C:\Windows\system32\Dwm.exe[1872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd2b0038 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a81401 2 bytes JMP 7716b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a81419 2 bytes JMP 7716b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a81431 2 bytes JMP 771e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a8144a 2 bytes CALL 7714489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a814dd 2 bytes JMP 771e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a814f5 2 bytes JMP 771e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a8150d 2 bytes JMP 771e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a81525 2 bytes JMP 771e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a8153d 2 bytes JMP 7715fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a81555 2 bytes JMP 771668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a8156d 2 bytes JMP 771e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a81585 2 bytes JMP 771e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a8159d 2 bytes JMP 771e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a815b5 2 bytes JMP 7715fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a815cd 2 bytes JMP 7716b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a816b2 2 bytes JMP 771e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a816bd 2 bytes JMP 771e8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000773b6420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa1fa38c 5 bytes JMP 000007fefd4202b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa214b60 5 bytes JMP 000007fefd420238 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2756] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa214ba0 5 bytes JMP 000007fefd4201b8 .text C:\Windows\system32\taskeng.exe[2724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Windows\system32\taskeng.exe[2724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\taskeng.exe[2724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Windows\system32\taskeng.exe[2724] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4000] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000771448cb 5 bytes JMP 00000001003e2710 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4000] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000771448e3 5 bytes JMP 00000001003e27f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4000] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077144915 5 bytes JMP 00000001003e2780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4000] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000763b9d0b 5 bytes JMP 00000001003e2850 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3712] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000771448cb 5 bytes JMP 0000000100492710 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3712] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000771448e3 5 bytes JMP 00000001004927f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3712] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000077144915 5 bytes JMP 0000000100492780 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3712] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000763b9d0b 5 bytes JMP 0000000100492850 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000771448cb 5 bytes JMP 0000000100892710 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000771448e3 5 bytes JMP 00000001008927f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077144915 5 bytes JMP 0000000100892780 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000763b9d0b 5 bytes JMP 0000000100892850 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a81401 2 bytes JMP 7716b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a81419 2 bytes JMP 7716b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a81431 2 bytes JMP 771e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a8144a 2 bytes CALL 7714489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a814dd 2 bytes JMP 771e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a814f5 2 bytes JMP 771e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a8150d 2 bytes JMP 771e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a81525 2 bytes JMP 771e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a8153d 2 bytes JMP 7715fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a81555 2 bytes JMP 771668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a8156d 2 bytes JMP 771e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a81585 2 bytes JMP 771e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a8159d 2 bytes JMP 771e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a815b5 2 bytes JMP 7715fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a815cd 2 bytes JMP 7716b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a816b2 2 bytes JMP 771e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a816bd 2 bytes JMP 771e8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 00000000771448cb 5 bytes JMP 0000000100902710 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 00000000771448e3 5 bytes JMP 00000001009027f0 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000077144915 5 bytes JMP 0000000100902780 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000763b9d0b 5 bytes JMP 0000000100902850 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a81401 2 bytes JMP 7716b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a81419 2 bytes JMP 7716b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a81431 2 bytes JMP 771e8f29 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a8144a 2 bytes CALL 7714489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a814dd 2 bytes JMP 771e8822 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a814f5 2 bytes JMP 771e89f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a8150d 2 bytes JMP 771e8718 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a81525 2 bytes JMP 771e8ae2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a8153d 2 bytes JMP 7715fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a81555 2 bytes JMP 771668ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a8156d 2 bytes JMP 771e8fe3 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a81585 2 bytes JMP 771e8b42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a8159d 2 bytes JMP 771e86dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a815b5 2 bytes JMP 7715fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a815cd 2 bytes JMP 7716b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a816b2 2 bytes JMP 771e8ea4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a816bd 2 bytes JMP 771e8671 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000771448cb 5 bytes JMP 0000000102522710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000771448e3 5 bytes JMP 00000001025227f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077144915 5 bytes JMP 0000000102522780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a81401 2 bytes JMP 7716b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a81419 2 bytes JMP 7716b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a81431 2 bytes JMP 771e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a8144a 2 bytes CALL 7714489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a814dd 2 bytes JMP 771e8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a814f5 2 bytes JMP 771e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a8150d 2 bytes JMP 771e8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a81525 2 bytes JMP 771e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a8153d 2 bytes JMP 7715fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a81555 2 bytes JMP 771668ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a8156d 2 bytes JMP 771e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a81585 2 bytes JMP 771e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a8159d 2 bytes JMP 771e86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a815b5 2 bytes JMP 7715fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a815cd 2 bytes JMP 7716b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a816b2 2 bytes JMP 771e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a816bd 2 bytes JMP 771e8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2852] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000763b9d0b 5 bytes JMP 0000000102522850 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000773b6420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa1fa38c 5 bytes JMP 000007fefd4202b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa214b60 5 bytes JMP 000007fefd420238 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa214ba0 5 bytes JMP 000007fefd4201b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fee98e6944 5 bytes JMP 000007fefd4203b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2536] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fee9905a84 5 bytes JMP 000007fefd420338 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3908] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000773b6420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3908] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Realtek\Audio\HDA\FMAPP.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Windows\system32\igfxtray.exe[4148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Windows\system32\igfxtray.exe[4148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\igfxtray.exe[4148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Windows\system32\igfxtray.exe[4148] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Windows\system32\hkcmd.exe[4180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Windows\system32\hkcmd.exe[4180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\hkcmd.exe[4180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Windows\system32\hkcmd.exe[4180] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Windows\system32\igfxpers.exe[4252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Windows\system32\igfxpers.exe[4252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Windows\system32\igfxpers.exe[4252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Windows\system32\igfxpers.exe[4252] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4312] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000773b6420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[4312] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000773b6420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd4200b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xfffffffffffe51f8} .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd420038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd420138 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa1fa38c 5 bytes JMP 000007fefd4202b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa214b60 5 bytes JMP 000007fefd420238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4760] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa214ba0 5 bytes JMP 000007fefd4201b8 .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a81401 2 bytes JMP 7716b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a81419 2 bytes JMP 7716b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a81431 2 bytes JMP 771e8f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a8144a 2 bytes CALL 7714489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a814dd 2 bytes JMP 771e8822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a814f5 2 bytes JMP 771e89f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a8150d 2 bytes JMP 771e8718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a81525 2 bytes JMP 771e8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a8153d 2 bytes JMP 7715fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a81555 2 bytes JMP 771668ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a8156d 2 bytes JMP 771e8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a81585 2 bytes JMP 771e8b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a8159d 2 bytes JMP 771e86dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a815b5 2 bytes JMP 7715fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a815cd 2 bytes JMP 7716b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a816b2 2 bytes JMP 771e8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4528] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a816bd 2 bytes JMP 771e8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000773b6420 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd43aec0 1 byte JMP 000007fffd2900b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 2 000007fefd43aec2 3 bytes {JMP 0xffffffffffe551f8} .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd43ca30 5 bytes JMP 000007fffd290038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe1d74a0 5 bytes JMP 000007fffd290138 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa1fa38c 5 bytes JMP 000007fefd2902b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\WINMM.dll!waveOutPause 000007fefa214b60 5 bytes JMP 000007fefd290238 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4612] C:\Windows\system32\WINMM.dll!waveOutRestart 000007fefa214ba0 5 bytes JMP 000007fefd2901b8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9d833c4 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3B27B3C4-76AD-48A7-9F17-90FC70BD429F}@LeaseObtainedTime 1438468454 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3B27B3C4-76AD-48A7-9F17-90FC70BD429F}@T1 1438468754 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3B27B3C4-76AD-48A7-9F17-90FC70BD429F}@T2 1438922054 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3B27B3C4-76AD-48A7-9F17-90FC70BD429F}@LeaseTerminatesTime 1439073254 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9d833c4 (not active ControlSet) ---- EOF - GMER 2.1 ----