GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-17 14:20:52 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB Running: x4u8qxdh.exe; Driver: C:\Users\A\AppData\Local\Temp\axloauog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C46579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[128] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrl.exe[688] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1392] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[1764] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Windows\system32\taskeng.exe[1908] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1980] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\P4G\BatteryLife.exe[2040] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2616] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe[2712] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3400] ntdll.dll!wcsncmp + 33B 7772F580 7 Bytes JMP 6984F140 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3400] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7634C0CF 7 Bytes JMP 69E6FDD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3400] kernel32.dll!CloseHandle + 38 763505EF 7 Bytes JMP 69E6FDF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3400] kernel32.dll!GetExitCodeProcess + 2C 7635313D 7 Bytes JMP 69852942 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3400] GDI32.dll!GetViewportOrgEx + 21C 75B285EB 7 Bytes JMP 69E6FD53 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] kernel32.dll!K32GetModuleInformation 76338194 5 Bytes JMP 71AA16AE C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] kernel32.dll!K32GetModuleFileNameExW 76339EF6 5 Bytes JMP 71AA1591 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] kernel32.dll!RegSetValueExA 76346889 7 Bytes JMP 71AA1285 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] kernel32.dll!K32EnumProcessModulesEx 763AF5E6 7 Bytes JMP 71AA1334 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] kernel32.dll!K32GetMappedFileNameW 763AF845 5 Bytes JMP 71AA101E C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] GDI32.dll!D3DKMTQueryAdapterInfo 75B29730 5 Bytes JMP 71AA119A C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] GDI32.dll!D3DKMTGetDisplayModeList 75B2F318 5 Bytes JMP 71AA15AA C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] ole32.dll!CoSetProxyBlanket 774859E3 5 Bytes JMP 71AA15DC C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll .text C:\Users\A\Desktop\x4u8qxdh.exe[4064] ole32.dll!CoCreateInstance 774C57FC 5 Bytes JMP 71AA1226 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x48 0xCF 0x6F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0x48 0xCF 0x6F ... ---- EOF - GMER 2.1 ----