GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-06-26 17:40:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: lp0q2f7v.exe; Driver: C:\Users\Gloria\AppData\Local\Temp\pwdyapow.sys

---- User code sections - GMER 2.2 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2552] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071cc17fa 2 bytes CALL 75c811a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2552] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071cc1860 2 bytes CALL 75c811a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071cc1942 2 bytes JMP 75956da1 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2552] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071cc194d 2 bytes JMP 7595e8de C:\Windows\syswow64\WS2_32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c81f0e 7 bytes JMP 00000000703e3b60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c85bad 7 bytes JMP 00000000703e41b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c91431 7 bytes JMP 00000000703e3dc0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c9ea85 7 bytes JMP 00000000703e3b50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075d2906c 7 bytes JMP 00000000703e36a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075d290f1 5 bytes JMP 00000000703e3750
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075d29447 5 bytes JMP 00000000703e36b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000703e3660
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 00000000703e3620
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 00000000703e3760
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 00000000703e3460
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8b9a 5 bytes JMP 00000000703e2b00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4c48 5 bytes JMP 00000000703e33e0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770b6bdc 5 bytes JMP 00000000703e3450
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f092e 5 bytes JMP 00000000703e2940
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107bec 5 bytes JMP 00000000703e33c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007746e74f 5 bytes JMP 00000000703e2c40
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007746e989 5 bytes JMP 00000000703e2c50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000775c5e75 5 bytes JMP 00000000703e2ac0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3556] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000775f9cbb 5 bytes JMP 00000000703e2a50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c81f0e 7 bytes JMP 00000000703e3b60
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c85bad 7 bytes JMP 00000000703e41b0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c91431 7 bytes JMP 00000000703e3dc0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c9ea85 7 bytes JMP 00000000703e3b50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075d2906c 7 bytes JMP 00000000703e36a0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075d290f1 5 bytes JMP 00000000703e3750
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075d29447 5 bytes JMP 00000000703e36b0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000703e3660
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 00000000703e3620
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 00000000703e3760
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 00000000703e3460
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007746e74f 5 bytes JMP 00000000703e2c40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007746e989 5 bytes JMP 00000000703e2c50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8b9a 5 bytes JMP 00000000703e2b00
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4c48 5 bytes JMP 00000000703e33e0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770b6bdc 5 bytes JMP 00000000703e3450
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f092e 5 bytes JMP 00000000703e2940
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107bec 5 bytes JMP 00000000703e33c0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000775c5e75 5 bytes JMP 00000000703e2ac0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000775f9cbb 5 bytes JMP 00000000703e2a50
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c81f0e 7 bytes JMP 00000000703e3b60
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c85bad 7 bytes JMP 00000000703e41b0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c91431 7 bytes JMP 00000000703e3dc0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c9ea85 7 bytes JMP 00000000703e3b50
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075d2906c 7 bytes JMP 00000000703e36a0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075d290f1 5 bytes JMP 00000000703e3750
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075d29447 5 bytes JMP 00000000703e36b0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000703e3660
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 00000000703e3620
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 00000000703e3760
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 00000000703e3460
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000775c5e75 5 bytes JMP 00000000703e2ac0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000775f9cbb 5 bytes JMP 00000000703e2a50
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007746e74f 5 bytes JMP 00000000703e2c40
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007746e989 5 bytes JMP 00000000703e2c50
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8b9a 5 bytes JMP 00000000703e2b00
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4c48 5 bytes JMP 00000000703e33e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770b6bdc 5 bytes JMP 00000000703e3450
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f092e 5 bytes JMP 00000000703e2940
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3088] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107bec 5 bytes JMP 00000000703e33c0
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075941401 2 bytes JMP 75cab263 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075941419 2 bytes JMP 75cab38e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075941431 2 bytes JMP 75d290f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007594144a 2 bytes CALL 75c848ad C:\Windows\syswow64\kernel32.dll
.text ...
* 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000759414dd 2 bytes JMP 75d289ea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000759414f5 2 bytes JMP 75d28bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007594150d 2 bytes JMP 75d288e0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075941525 2 bytes JMP 75d28caa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007594153d 2 bytes JMP 75c9fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075941555 2 bytes JMP 75ca6937 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007594156d 2 bytes JMP 75d291a9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075941585 2 bytes JMP 75d28d0a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007594159d 2 bytes JMP 75d288a4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000759415b5 2 bytes JMP 75c9fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000759415cd 2 bytes JMP 75cab324 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000759416b2 2 bytes JMP 75d2906c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[6692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000759416bd 2 bytes JMP 75d28839 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075c81f0e 7 bytes JMP 00000000703e3b60
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075c85bad 7 bytes JMP 00000000703e41b0
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075c91431 7 bytes JMP 00000000703e3dc0
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075c9ea85 7 bytes JMP 00000000703e3b50
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075d2906c 7 bytes JMP 00000000703e36a0
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075d290f1 5 bytes JMP 00000000703e3750
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075d29447 5 bytes JMP 00000000703e36b0
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075881e4c 5 bytes JMP 00000000703e3660
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075881efa 5 bytes JMP 00000000703e3620
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075882bdc 5 bytes JMP 00000000703e3760
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075882e7e 5 bytes JMP 00000000703e3460
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007746e74f 5 bytes JMP 00000000703e2c40
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007746e989 5 bytes JMP 00000000703e2c50
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8b9a 5 bytes JMP 00000000703e2b00
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4c48 5 bytes JMP 00000000703e33e0
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770b6bdc 5 bytes JMP 00000000703e3450
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f092e 5 bytes JMP 00000000703e2940
.text C:\Users\Gloria\Downloads\lp0q2f7v.exe[5328] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107bec 5 bytes JMP 00000000703e33c0

---- Threads - GMER 2.2 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4408:4236] 000007fefbca2af4
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4408:1640] 000007feebe78f70
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4408:5384] 000007fef5ad5124
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6828:6984] 0000000077427587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6828:7008] 000000006eb79946
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6828:6988] 0000000077b61697
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6828:1968] 0000000077b67ad8
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6828:4668] 0000000077b67ad8
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6828:4120] 0000000077b67ad8

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\606c662fe9ae (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\606c662fe9ae
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AF4F29EB-CA2C-45D2-9157-DEEAE102CA0E}@LeaseObtainedTime 1466951749
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AF4F29EB-CA2C-45D2-9157-DEEAE102CA0E}@T1 1466952030
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AF4F29EB-CA2C-45D2-9157-DEEAE102CA0E}@T2 1466952255
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AF4F29EB-CA2C-45D2-9157-DEEAE102CA0E}@LeaseTerminatesTime 1466952349
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\606c662fe9ae (not active ControlSet)

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.2 ----