GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-20 20:42:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007b ST1000LM rev.2BA3 931,51GB
Running: gmer.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\pwldapob.sys

---- User code sections - GMER 2.2 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!RegSetValueExW  0000000076c9a3e0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  0000000076ca3ef0 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000076cbfff0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000076ccf3e0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000076cf9c70 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000076d09700 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000076d28aa0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefefd6d10 11 bytes JMP 000007fefce40228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1648]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefefeb4f0 7 bytes JMP 000007fefce40260
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory  000007fef94bdc88 5 bytes JMP 000007fef94900d8
.text  C:\Windows\system32\Dwm.exe[2604]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory1  000007fef94bde10 5 bytes JMP 000007fef9490110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!RegSetValueExW  0000000076c9a3e0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  0000000076ca3ef0 5 bytes JMP 000000006fff0180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000076cbfff0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000076ccf3e0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000076cf9c70 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000076d09700 5 bytes JMP 000000006fff0148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000076d28aa0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefefd6d10 11 bytes JMP 000007fefce40228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3080]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefefeb4f0 7 bytes JMP 000007fefce40260
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3116]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3116]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3116]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3116]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3116]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3116]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!RegSetValueExW  0000000076c9a3e0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  0000000076ca3ef0 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000076cbfff0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000076ccf3e0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000076cf9c70 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000076d09700 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000076d28aa0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex  000007feed3e2460 5 bytes JMP 000007fefce402d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\d3d9.dll!Direct3DCreate9  000007feed4196b0 6 bytes JMP 000007fefce40298
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory  000007fef94bdc88 5 bytes JMP 000007fef94900d8
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2376]  C:\Windows\system32\dxgi.dll!CreateDXGIFactory1  000007fef94bde10 5 bytes JMP 000007fef9490110
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefefd6d10 11 bytes JMP 000007fefce40228
.text  C:\Windows\System32\igfxpers.exe[4224]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefefeb4f0 7 bytes JMP 000007fefce40260
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!RegSetValueExW  0000000076c9a3e0 7 bytes JMP 000000006fff0228
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  0000000076ca3ef0 5 bytes JMP 000000006fff0180
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000076cbfff0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000076ccf3e0 5 bytes JMP 000000006fff0110
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000076cf9c70 7 bytes JMP 000000006fff00d8
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000076d09700 5 bytes JMP 000000006fff0148
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000076d28aa0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[4368]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!RegSetValueExW  0000000076c9a3e0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  0000000076ca3ef0 5 bytes JMP 000000006fff0180
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000076cbfff0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000076ccf3e0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000076cf9c70 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000076d09700 5 bytes JMP 000000006fff0148
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000076d28aa0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\ole32.dll!CoCreateInstance  000007fefefd6d10 11 bytes JMP 000007fefce40228
.text  C:\Program Files\IDT\WDM\sttray64.exe[4404]  C:\Windows\system32\ole32.dll!CoSetProxyBlanket  000007fefefeb4f0 7 bytes JMP 000007fefce40260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!RegSetValueExW  0000000076c9a3e0 7 bytes JMP 000000006fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!RegQueryValueExW  0000000076ca3ef0 5 bytes JMP 000000006fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!RegDeleteValueW  0000000076cbfff0 5 bytes JMP 000000006fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW  0000000076ccf3e0 5 bytes JMP 000000006fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  0000000076cf9c70 7 bytes JMP 000000006fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!K32GetModuleInformation  0000000076d09700 5 bytes JMP 000000006fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\kernel32.dll!RegSetValueExA  0000000076d28aa0 7 bytes JMP 000000006fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW  000007fefce532f0 7 bytes JMP 000007fefce400d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\KERNELBASE.dll!FreeLibrary  000007fefce5aa60 5 bytes JMP 000007fefce40180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW  000007fefce5ac00 5 bytes JMP 000007fefce40110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefce69ac0 5 bytes JMP 000007fefce40148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo  000007fefe8e89d0 8 bytes JMP 000007fefce401f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4912]  C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList  000007fefe8ebe40 8 bytes JMP 000007fefce401b8
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17  0000000076701401 2 bytes JMP 7639b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17  0000000076701419 2 bytes JMP 7639b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17  0000000076701431 2 bytes JMP 764190f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42  000000007670144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text  ... * 9
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17  00000000767014dd 2 bytes JMP 764189ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000767014f5 2 bytes JMP 76418bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17  000000007670150d 2 bytes JMP 764188e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076701525 2 bytes JMP 76418caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17  000000007670153d 2 bytes JMP 7638fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17  0000000076701555 2 bytes JMP 76396937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17  000000007670156d 2 bytes JMP 764191a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17  0000000076701585 2 bytes JMP 76418d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17  000000007670159d 2 bytes JMP 764188a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17  00000000767015b5 2 bytes JMP 7638fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17  00000000767015cd 2 bytes JMP 7639b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000767016b2 2 bytes JMP 7641906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5204]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000767016bd 2 bytes JMP 76418839 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076371f0e 7 bytes JMP 0000000070483cf0
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000076375bad 7 bytes JMP 0000000070484330
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000076381431 7 bytes JMP 0000000070483f40
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  000000007638ea85 7 bytes JMP 0000000070483ce0
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  000000007641906c 7 bytes JMP 0000000070483760
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  00000000764190f1 5 bytes JMP 0000000070483810
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000076419447 5 bytes JMP 0000000070483770
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075cc1e4c 5 bytes JMP 0000000070483720
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075cc1efa 5 bytes JMP 00000000704836e0
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075cc2bdc 5 bytes JMP 0000000070483820
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075cc2e7e 5 bytes JMP 0000000070483520
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\USER32.dll!CreateWindowExW  0000000074c58a39 5 bytes JMP 0000000070482bc0
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000074c64582 5 bytes JMP 00000000704834a0
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000074c7e587 5 bytes JMP 0000000070483510
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000074ca08ab 5 bytes JMP 0000000070482a00
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000074cb7b24 5 bytes JMP 0000000070483480
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  0000000075d1d2b4 5 bytes JMP 0000000070482d00
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  0000000075d1d4ee 5 bytes JMP 0000000070482d10
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket  0000000074ae5e75 5 bytes JMP 0000000070482b80
.text  C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe[6968]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000074b19cbb 5 bytes JMP 0000000070482b10
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000076371f0e 7 bytes JMP 0000000070483cf0
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!RegSetValueExW  0000000076375bad 7 bytes JMP 0000000070484330
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!RegSetValueExA  0000000076381431 7 bytes JMP 0000000070483f40
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!RegDeleteValueW  000000007638ea85 7 bytes JMP 0000000070483ce0
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  000000007641906c 7 bytes JMP 0000000070483760
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  00000000764190f1 5 bytes JMP 0000000070483810
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW  0000000076419447 5 bytes JMP 0000000070483770
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW  0000000075cc1e4c 5 bytes JMP 0000000070483720
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW  0000000075cc1efa 5 bytes JMP 00000000704836e0
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075cc2bdc 5 bytes JMP 0000000070483820
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary  0000000075cc2e7e 5 bytes JMP 0000000070483520
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList  0000000075d1d2b4 5 bytes JMP 0000000070482d00
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo  0000000075d1d4ee 5 bytes JMP 0000000070482d10
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA  0000000074c64582 5 bytes JMP 00000000704834a0
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW  0000000074c7e587 5 bytes JMP 0000000070483510
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW  0000000074ca08ab 5 bytes JMP 0000000070482a00
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000074cb7b24 5 bytes JMP 0000000070483480
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3  00000000704b1003 2 bytes [4B, 70]
.text  C:\Users\Sebastian\Downloads\Compressed\gmer.exe[1696]  C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22  00000000704b1016 2 bytes [4B, 70]

---- Kernel IAT/EAT - GMER 2.2 ----

IAT  C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]  [fffff88002568ad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- User IAT/EAT - GMER 2.2 ----

IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[msvcrt.dll!strncpy_s]  [7fefe8430e0] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[msvcrt.dll!strcat_s]  [7fefe8427dc] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[msvcrt.dll!strcpy_s]  [7fefe841000] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[msvcrt.dll!sprintf_s]  [7fefe843d24] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[msvcrt.dll!_stricmp]  [7fefe882954] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!NdrOleAllocate]  [76db8e60] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_Connect]  [76dd0118] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_Invoke]  [76dc7724] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported]  [76dbf990] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_Disconnect]  [76db8a08] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease]  [76dc62e0] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!IUnknown_AddRef_Proxy]  [76db7d60] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface]  [76dc0a80] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface]  [76dc9964] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!IUnknown_Release_Proxy]  [76dc9740] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_CountRefs]  [76dc9010] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!NdrDllGetClassObject]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!NdrOleFree]  [7fefe880b58] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy]  [7fefe84137c] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!CStdStubBuffer_AddRef]  [7fefe848e28] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[RPCRT4.dll!NdrCStdStubBuffer_Release]  [7fefe8410ac] C:\Windows\system32\msvcrt.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ntdll.dll!VerSetConditionMask]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserUnmarshal64]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserMarshal]  [7fefefd6d10] C:\Windows\system32\ole32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserUnmarshal]  [7fefefb8da0] C:\Windows\system32\ole32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoRevokeClassObject]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserFree64]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoTaskMemFree]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoRegisterPSClsid]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoInitialize]  [7fef743550c] C:\Windows\system32\MAPI32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoUninitialize]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoCreateInstance]  [4a5bc99500000000]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserMarshal64]  [200000000]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserFree]  [27a800000023]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserSize64]  [1ba8]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!HWND_UserSize]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoTaskMemAlloc]  [7fef7438af0] C:\Windows\system32\MAPI32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[ole32.dll!CoRegisterClassObject]  [7fef7438b90] C:\Windows\system32\MAPI32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetLastError]  [76c98930] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!lstrcmpiA]  [76cde8e0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetProcAddress]  [76ca6b90] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!CopyFileA]  [76cb05e0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!DisableThreadLibraryCalls]  [76ca4720] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetSystemDirectoryA]  [76cb1910] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!VerifyVersionInfoA]  [76ca5c10] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GlobalAlloc]  [76ca5990] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!ExpandEnvironmentStringsA]  [76ca3370] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetProcessHeap]  [76ca4ee0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetTickCount]  [76ca33d0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetSystemDefaultLCID]  [76cdc0b0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!WaitForSingleObject]  [76ca5180] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetUserDefaultLCID]  [76d2baa0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!HeapFree]  [76ca9010] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!FreeLibrary]  [76c92870] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!OpenFile]  [76cb1a00] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!lstrcmpA]  [76cf6c10] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GlobalFree]  [76cf2270] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!LoadLibraryA]  [76cb19e0] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetSystemTimeAsFileTime]  [76ca3c30] C:\Windows\system32\kernel32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!QueryPerformanceCounter]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!SetUnhandledExceptionFilter]  [7fefcff1040] C:\Windows\system32\OLEAUT32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!UnhandledExceptionFilter]  [7fefcff13f0] C:\Windows\system32\OLEAUT32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!DelayLoadFailureHook]  [7fefcff1320] C:\Windows\system32\OLEAUT32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!DeleteFileA]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!LocalFree]  [7fefdb4f9a0] C:\Windows\system32\SHELL32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!CloseHandle]  [7fefdcd1d80] C:\Windows\system32\SHELL32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetVersionExA]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!LocalAlloc]  [7fefd3f69a0] C:\Windows\system32\SHLWAPI.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!CompareStringA]  [7fefd3fc984] C:\Windows\system32\SHLWAPI.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!LoadLibraryExA]  [7fefd403920] C:\Windows\system32\SHLWAPI.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetModuleHandleA]  [0]
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!GetModuleFileNameA]  [76dbfab0] C:\Windows\system32\USER32.dll
IAT  C:\Windows\Explorer.EXE[444] @ C:\Windows\system32\MAPI32.dll[KERNEL32.dll!MoveFileA]  [76dbd270] C:\Windows\system32\USER32.dll
IAT  C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose]  [77060010]
IAT  C:\Windows\system32\AUDIODG.EXE[5572] @ 
C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [77060000] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\kernel32.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\KERNELBASE.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77060000] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\USER32.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\GDI32.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\ole32.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77060000] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\RpcRtRemote.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77060000] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ 
C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [77060000] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\System32\CRYPT32.dll[ntdll.dll!NtClose] [77060010] IAT C:\Windows\system32\AUDIODG.EXE[5572] @ C:\Windows\system32\SHELL32.dll[ntdll.dll!NtClose] [77060010] ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f81654566471 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f81654566471@34be00464985 0x38 0xBF 0xC7 0xB4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45CB0FC4-85DC-4829-9A79-0053858C2D47}@InterfaceName isatap.{10A670CA-4A08-4C7E-AE1C-71B6FC843726} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45CB0FC4-85DC-4829-9A79-0053858C2D47}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F2C76343-73A4-4BE3-92D1-0AF3A29ECD9B}@InterfaceName isatap.{9C91F368-A853-41E3-813A-5586BC930814} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F2C76343-73A4-4BE3-92D1-0AF3A29ECD9B}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f81654566471 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f81654566471@34be00464985 0x38 0xBF 0xC7 0xB4 ... ---- EOF - GMER 2.2 ----