GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-23 21:53:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.DXM0 119,24GB Running: 5b2hc14n.exe; Driver: C:\Users\Krystian\AppData\Local\Temp\fwdcipog.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!XFORMOBJ_iGetFloatObjXform + 886 fffff96000080042 14 bytes {JMP QWORD [RIP+0x0]} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000135b00 7 bytes [40, 4D, F3, FF, C1, 5A, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000135b08 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076c7a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c83f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c9ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076caf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cd9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ce9710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d08ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd786d10 11 bytes JMP 000007fefcd50228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1676] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd79b4f0 7 bytes JMP 000007fefcd50260 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef7badc88 5 bytes JMP 000007fef79a00d8 .text C:\Windows\system32\Dwm.exe[1932] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7bade10 5 bytes JMP 000007fef79a0110 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd786d10 11 bytes JMP 000007fefcd50228 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd79b4f0 7 bytes JMP 000007fefcd50260 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076c7a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c83f00 5 bytes JMP 000000006fff0180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c9ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076caf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cd9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ce9710 5 bytes JMP 000000006fff0148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d08ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076c7a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c83f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c9ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076caf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cd9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ce9710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d08ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd786d10 11 bytes JMP 000007fefcd50228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2828] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd79b4f0 7 bytes JMP 000007fefcd50260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076c7a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c83f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c9ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076caf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cd9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ce9710 5 bytes JMP 000000006fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d08ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd786d10 11 bytes JMP 000007fefcd50228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd79b4f0 7 bytes JMP 000007fefcd50260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 00000000009f8c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ff8a29 5 bytes JMP 000000006e7737d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765c5e75 5 bytes JMP 000000006e773790 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765f9cbb 5 bytes JMP 000000006e773720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 000000006e774a10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ff8a29 5 bytes JMP 000000006e7737d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765c5e75 5 bytes JMP 000000006e773790 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765f9cbb 5 bytes JMP 000000006e773720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006eb81003 2 bytes [B8, 6E] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3060] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006eb81016 2 bytes [B8, 6E] .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 000000006e774a10 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ff8a29 5 bytes JMP 000000006e7737d0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765c5e75 5 bytes JMP 000000006e773790 .text C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765f9cbb 5 bytes JMP 000000006e773720 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 000000006e774a10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765c5e75 5 bytes JMP 000000006e773790 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765f9cbb 5 bytes JMP 000000006e773720 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ff8a29 5 bytes JMP 000000006e7737d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2040] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 000000006e774a10 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ff8a29 5 bytes JMP 000000006e7737d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765c5e75 5 bytes JMP 000000006e773790 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765f9cbb 5 bytes JMP 000000006e773720 .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006eb81003 2 bytes [B8, 6E] .text C:\ProgramData\DatacardService\DCSHelper.exe[3476] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006eb81016 2 bytes [B8, 6E] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076c7a3f0 7 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c83f00 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c9ffd0 5 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076caf3f0 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076cd9c80 7 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076ce9710 5 bytes JMP 000000006fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076d08ab0 7 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760a1401 2 bytes JMP 763fb233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760a1419 2 bytes JMP 763fb35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760a1431 2 bytes JMP 76479149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760a144a 2 bytes CALL 763d4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760a14dd 2 bytes JMP 76478a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760a14f5 2 bytes JMP 76478c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760a150d 2 bytes JMP 76478938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760a1525 2 bytes JMP 76478d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760a153d 2 bytes JMP 763efcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760a1555 2 bytes JMP 763f6907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760a156d 2 bytes JMP 76479201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760a1585 2 bytes JMP 76478d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760a159d 2 bytes JMP 764788fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760a15b5 2 bytes JMP 763efd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760a15cd 2 bytes JMP 763fb2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760a16b2 2 bytes JMP 764790c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760a16bd 2 bytes JMP 76478891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 000000006e774a10 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074ff8a29 5 bytes JMP 000000006e7737d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000765c5e75 5 bytes JMP 000000006e773790 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000765f9cbb 5 bytes JMP 000000006e773720 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 000000006eb81003 2 bytes [B8, 6E] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5264] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 000000006eb81016 2 bytes [B8, 6E] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefcd632f0 7 bytes JMP 000007fefcd500d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefcd6aa60 5 bytes JMP 000007fefcd50180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5588] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefcd6ac00 5 bytes JMP 000007fefcd50110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefcd79ac0 5 bytes JMP 000007fefcd50148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5588] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd2b8830 8 bytes JMP 000007fefcd501f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5588] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd2bb9e0 8 bytes JMP 000007fefcd501b8 .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076e91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e91434 8 bytes [A0, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000076e917bf 7 bytes [4B, F8, FF, 00, 00, 00, 00] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000076e919c4 8 bytes [80, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e91aa4 8 bytes [70, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e91c25 8 bytes [60, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e91d8f 8 bytes [50, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e91e75 8 bytes [40, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076e920d8 8 bytes [30, 4B, F8, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076edbc00 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076edbd80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076edbdb0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076edbed0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076edbf80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076edc5b0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076edc800 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076edd060 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071f9146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\firefox.exe[6508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076e91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e91434 8 bytes [A0, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000076e917bf 7 bytes [8B, F5, FF, 00, 00, 00, 00] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000076e919c4 8 bytes [80, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e91aa4 8 bytes [70, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e91c25 8 bytes [60, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e91d8f 8 bytes [50, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e91e75 8 bytes [40, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076e920d8 8 bytes [30, 8B, F5, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076edbc00 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076edbd80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076edbdb0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076edbed0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076edbf80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076edc5b0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076edc800 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076edd060 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071f9146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076e91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e91434 8 bytes [A0, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000076e917bf 7 bytes [3B, EA, FF, 00, 00, 00, 00] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000076e919c4 8 bytes [80, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e91aa4 8 bytes [70, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e91c25 8 bytes [60, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e91d8f 8 bytes [50, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e91e75 8 bytes [40, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076e920d8 8 bytes [30, 3B, EA, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076edbc00 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076edbd80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076edbdb0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076edbed0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076edbf80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076edc5b0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076edc800 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076edd060 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071f9146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[6952] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076e91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e91434 8 bytes [A0, 7B, EB, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000076e917bf 7 bytes [7B, EB, FF, 00, 00, 00, 00] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000076e919c4 8 bytes [80, 7B, EB, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e91aa4 8 bytes {JO 0x7d; JMP 0x3} .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e91c25 8 bytes [60, 7B, EB, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e91d8f 8 bytes [50, 7B, EB, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e91e75 8 bytes [40, 7B, EB, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076e920d8 8 bytes [30, 7B, EB, FF, 00, 00, 00, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076edbc00 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076edbd80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076edbdb0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076edbed0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076edbf80 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076edc5b0 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076edc800 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076edd060 8 bytes JMP 3f3f3f3f .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071f9146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programy\Mozilla Firefox\plugin-container.exe[7012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 0000000076e91234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000076e912df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000076e91434 8 bytes [A0, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 0000000076e917bf 7 bytes [AB, F7, 7E, 00, 00, 00, 00] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000076e919c4 8 bytes [80, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000076e91aa4 8 bytes [70, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000076e91c25 8 bytes [60, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000076e91d8f 8 bytes [50, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000076e91e75 8 bytes [40, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 0000000076e920d8 8 bytes [30, AB, F7, 7E, 00, 00, 00, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000076edbc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000076edbd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076edbdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076edbed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076edbf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076edc5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076edc800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076edd060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000071f913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000071f9146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000071f916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000071f919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000071f919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000071f91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000763d1eee 7 bytes JMP 000000006e775200 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000763d5b85 7 bytes JMP 000000006e775840 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000763e1409 7 bytes JMP 000000006e775450 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000763eea5d 7 bytes JMP 000000006e7751f0 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000764790c4 7 bytes JMP 000000006e774820 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076479149 5 bytes JMP 000000006e774a00 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007647949f 5 bytes JMP 000000006e774830 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076b21e4c 5 bytes JMP 000000006e774740 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076b21efa 5 bytes JMP 000000006e774650 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076b22bdc 5 bytes JMP 000000006e774a10 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076b22e7e 5 bytes JMP 000000006e774340 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007654e74f 5 bytes JMP 000000006e773910 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007654e989 5 bytes JMP 000000006e773920 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075005645 5 bytes JMP 000000006e7742d0 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007501f631 5 bytes JMP 000000006e774330 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075040867 5 bytes JMP 000000006e773600 .text C:\Users\Krystian\Desktop\5b2hc14n.exe[2544] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075057af4 5 bytes JMP 000000006e7742a0 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003922f78] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5924:5956] 000007fefaf92b1c ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b67605bcdd Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b67605bcdd@001f00b54dd9 0xA2 0xC8 0xE0 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b67605bcdd@44d4e06f26b8 0xA7 0xCD 0x82 0x5C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b67605bcdd (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b67605bcdd@001f00b54dd9 0xA2 0xC8 0xE0 0xD0 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b67605bcdd@44d4e06f26b8 0xA7 0xCD 0x82 0x5C ... ---- EOF - GMER 2.2 ----