GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-05 18:31:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000077 ST1000LM rev.2AR1 931,51GB Running: 07m6dgc6.exe; Driver: C:\Users\Mateo\AppData\Local\Temp\pwddikog.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88005428d8c 12 bytes {MOV RAX, 0xfffffa80079f42a0; JMP RAX} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000165700 7 bytes [80, 4F, F3, FF, 01, 59, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000165708 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1000] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 00000000775c9010 4 bytes [C3, 00, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775ba3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775c3ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775dfff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629700 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077648aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8700d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd870180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd870110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd870148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8701b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8e6d10 11 bytes JMP 000007fefd870228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1272] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff8fb4f0 7 bytes JMP 000007fefd870260 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8700d8 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd870180 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd870110 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd870148 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8701f0 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8701b8 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef855dc88 5 bytes JMP 000007fef85300d8 .text C:\Windows\system32\Dwm.exe[1704] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef855de10 5 bytes JMP 000007fef8530110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775ba3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775c3ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775dfff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629700 5 bytes JMP 000000006fff0148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077648aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8600d8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd860180 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd860110 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd860148 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8601f0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8601b8 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8e6d10 11 bytes JMP 000007fefd860228 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1772] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff8fb4f0 7 bytes JMP 000007fefd860260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755c1f0e 7 bytes JMP 0000000072a53cf0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755c5bad 7 bytes JMP 0000000072a54330 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000755d1431 7 bytes JMP 0000000072a53f40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000755dea85 7 bytes JMP 0000000072a53ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007566906c 7 bytes JMP 0000000072a53760 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756690f1 5 bytes JMP 0000000072a53810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075669447 5 bytes JMP 0000000072a53770 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075cb1e4c 5 bytes JMP 0000000072a53720 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075cb1efa 5 bytes JMP 0000000072a536e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075cb2bdc 5 bytes JMP 0000000000b48c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075cb2e7e 5 bytes JMP 0000000072a53520 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000072a52bc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000072a534a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000072a53510 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000072a52a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 0000000072a53480 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a8d2b4 5 bytes JMP 0000000072a52d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a8d4ee 5 bytes JMP 0000000072a52d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075925e75 5 bytes JMP 0000000072a52b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075959cbb 5 bytes JMP 0000000072a52b10 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8700d8 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd870180 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd870110 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd870148 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8701f0 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8701b8 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8e6d10 11 bytes JMP 000007fefd870228 .text C:\Windows\system32\taskeng.exe[2360] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff8fb4f0 7 bytes JMP 000007fefd870260 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755c1f0e 7 bytes JMP 0000000072a53cf0 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755c5bad 7 bytes JMP 0000000072a54330 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000755d1431 7 bytes JMP 0000000072a53f40 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000755dea85 7 bytes JMP 0000000072a53ce0 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007566906c 7 bytes JMP 0000000072a53760 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756690f1 5 bytes JMP 0000000072a53810 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075669447 5 bytes JMP 0000000072a53770 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075cb1e4c 5 bytes JMP 0000000072a53720 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075cb1efa 5 bytes JMP 0000000072a536e0 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075cb2bdc 5 bytes JMP 0000000072a53820 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075cb2e7e 5 bytes JMP 0000000072a53520 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a8d2b4 5 bytes JMP 0000000072a52d00 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a8d4ee 5 bytes JMP 0000000072a52d10 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000072a52bc0 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000072a534a0 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000072a53510 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000072a52a00 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 0000000072a53480 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075925e75 5 bytes JMP 0000000072a52b80 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075959cbb 5 bytes JMP 0000000072a52b10 .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072a91003 2 bytes [A9, 72] .text C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe[2600] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072a91016 2 bytes [A9, 72] .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755c1f0e 7 bytes JMP 0000000072a53cf0 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755c5bad 7 bytes JMP 0000000072a54330 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000755d1431 7 bytes JMP 0000000072a53f40 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000755dea85 7 bytes JMP 0000000072a53ce0 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007566906c 7 bytes JMP 0000000072a53760 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756690f1 5 bytes JMP 0000000072a53810 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075669447 5 bytes JMP 0000000072a53770 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075cb1e4c 5 bytes JMP 0000000072a53720 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075cb1efa 5 bytes JMP 0000000072a536e0 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075cb2bdc 5 bytes JMP 0000000072a53820 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075cb2e7e 5 bytes JMP 0000000072a53520 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000072a52bc0 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000072a534a0 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000072a53510 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000072a52a00 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 0000000072a53480 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a8d2b4 5 bytes JMP 0000000072a52d00 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a8d4ee 5 bytes JMP 0000000072a52d10 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075925e75 5 bytes JMP 0000000072a52b80 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075959cbb 5 bytes JMP 0000000072a52b10 .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072a91003 2 bytes [A9, 72] .text C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe[2728] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072a91016 2 bytes [A9, 72] .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775ba3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775c3ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775dfff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629700 5 bytes JMP 000000006fff0148 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077648aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd6b00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd6b0180 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd6b0110 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd6b0148 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd6b01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd6b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775ba3e0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775c3ef0 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775dfff0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef3e0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619c70 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629700 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077648aa0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8700d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd870180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd870110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd870148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3172] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8701b8 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775ba3e0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775c3ef0 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775dfff0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef3e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619c70 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629700 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077648aa0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8700d8 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd870180 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd870110 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd870148 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8701f0 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8701b8 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8e6d10 11 bytes JMP 000007fefd870228 .text C:\Windows\system32\igfxEM.exe[3636] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff8fb4f0 7 bytes JMP 000007fefd870260 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000775ba3e0 7 bytes JMP 000000006fff0228 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000775c3ef0 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000775dfff0 5 bytes JMP 000000006fff01b8 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775ef3e0 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077619c70 7 bytes JMP 000000006fff00d8 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077629700 5 bytes JMP 000000006fff0148 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077648aa0 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8832f0 7 bytes JMP 000007fefd8700d8 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd88aa60 5 bytes JMP 000007fefd870180 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd88ac00 5 bytes JMP 000007fefd870110 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd899ac0 5 bytes JMP 000007fefd870148 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe3d8a00 8 bytes JMP 000007fefd8701f0 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe3dbe60 8 bytes JMP 000007fefd8701b8 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff8e6d10 11 bytes JMP 000007fefd870228 .text C:\Windows\system32\igfxHK.exe[3648] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff8fb4f0 7 bytes JMP 000007fefd870260 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755c1f0e 7 bytes JMP 0000000072a53cf0 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755c5bad 7 bytes JMP 0000000072a54330 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000755d1431 7 bytes JMP 0000000072a53f40 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000755dea85 7 bytes JMP 0000000072a53ce0 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007566906c 7 bytes JMP 0000000072a53760 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756690f1 5 bytes JMP 0000000072a53810 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075669447 5 bytes JMP 0000000072a53770 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075cb1e4c 5 bytes JMP 0000000072a53720 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075cb1efa 5 bytes JMP 0000000072a536e0 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075cb2bdc 5 bytes JMP 0000000072a53820 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075cb2e7e 5 bytes JMP 0000000072a53520 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075925e75 5 bytes JMP 0000000072a52b80 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075959cbb 5 bytes JMP 0000000072a52b10 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a8d2b4 5 bytes JMP 0000000072a52d00 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a8d4ee 5 bytes JMP 0000000072a52d10 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000072a52bc0 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000072a534a0 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000072a53510 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000072a52a00 .text C:\Program Files (x86)\NetSetMan\netsetman.exe[3888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 0000000072a53480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000755c1f0e 7 bytes JMP 0000000072a53cf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000755c5bad 7 bytes JMP 0000000072a54330 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000755d1431 7 bytes JMP 0000000072a53f40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000755dea85 7 bytes JMP 0000000072a53ce0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 000000007566906c 7 bytes JMP 0000000072a53760 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000756690f1 5 bytes JMP 0000000072a53810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075669447 5 bytes JMP 0000000072a53770 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075cb1e4c 5 bytes JMP 0000000072a53720 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075cb1efa 5 bytes JMP 0000000072a536e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075cb2bdc 5 bytes JMP 0000000072a53820 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075cb2e7e 5 bytes JMP 0000000072a53520 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bb8a39 5 bytes JMP 0000000072a52bc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000072a534a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000072a53510 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000072a52a00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 0000000072a53480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a8d2b4 5 bytes JMP 0000000072a52d00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a8d4ee 5 bytes JMP 0000000072a52d10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075925e75 5 bytes JMP 0000000072a52b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075959cbb 5 bytes JMP 0000000072a52b10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072a91003 2 bytes [A9, 72] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3096] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072a91016 2 bytes [A9, 72] .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000755c1f0e 7 bytes JMP 0000000072a53cf0 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000755c5bad 7 bytes JMP 0000000072a54330 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000755d1431 7 bytes JMP 0000000072a53f40 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000755dea85 7 bytes JMP 0000000072a53ce0 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 000000007566906c 7 bytes JMP 0000000072a53760 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000756690f1 5 bytes JMP 0000000072a53810 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075669447 5 bytes JMP 0000000072a53770 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075cb1e4c 5 bytes JMP 0000000072a53720 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075cb1efa 5 bytes JMP 0000000072a536e0 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075cb2bdc 5 bytes JMP 0000000072a53820 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075cb2e7e 5 bytes JMP 0000000072a53520 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075a8d2b4 5 bytes JMP 0000000072a52d00 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075a8d4ee 5 bytes JMP 0000000072a52d10 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075bc4582 5 bytes JMP 0000000072a534a0 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075bde587 5 bytes JMP 0000000072a53510 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075c008ab 5 bytes JMP 0000000072a52a00 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075c17b24 5 bytes JMP 0000000072a53480 .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 0000000072a91003 2 bytes [A9, 72] .text C:\Users\Mateo\Desktop\FRST\07m6dgc6.exe[3536] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 0000000072a91016 2 bytes [A9, 72] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001059f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001059cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800105a69c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800105aa98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800105a8f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa8003c952c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 fffffa8003c952c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8003c952c0 Device \Driver\azlo6x98 \Device\Scsi\azlo6x981 fffffa800734e2c0 Device \FileSystem\Ntfs \Ntfs fffffa80046382c0 Device \Driver\iaStorA \Device\00000078 fffffa80046342c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8007b4d2c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa80046342c0 Device \Driver\cdrom \Device\CdRom0 fffffa80073312c0 Device \Driver\cdrom \Device\CdRom1 fffffa80073312c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0227BEB2-543B-4832-B477-7F523AA5F37B} fffffa800727f2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8007b4d2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{878193AE-DC3E-47CD-A138-8CFF9FC1CC7F} fffffa800727f2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{853548C5-E024-4B30-824B-EE72D26CED3C} fffffa800727f2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8007b4d2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800727f2c0 Device \Driver\iaStorA \Device\00000077 fffffa80046342c0 Device \Driver\atapi \Device\ScsiPort0 fffffa8003c952c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8007b4d2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8003c952c0 Device \Driver\iaStorA \Device\ScsiPort2 fffffa80046342c0 Device \Driver\azlo6x98 \Device\ScsiPort3 fffffa800734e2c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys >>UNKNOWN [0xfffffa80046342c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa80046342c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f47790] fffffa8004f47790 Trace 3 CLASSPNP.SYS[fffff8800216343f] -> nt!IofCallDriver -> [0xfffffa8004e5fc50] fffffa8004e5fc50 Trace 5 iaStorF.sys[fffff880020fff84] -> nt!IofCallDriver -> \Device\00000077[0xfffffa8004b849c0] fffffa8004b849c0 Trace \Driver\iaStorA[0xfffffa8004b49e70] -> IRP_MJ_CREATE -> 0xfffffa80046342c0 fffffa80046342c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\azlo6x98.SYS fffff880053ad000-fffff880053fe000 (331776 bytes) ---- EOF - GMER 2.2 ----