GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-05-08 16:45:56 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000077 ST1000LM rev.2AR2 931,51GB Running: jdjwmiih.exe; Driver: C:\Users\USER\AppData\Local\Temp\aftcaaob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031f9000 45 bytes [00, 00, 1E, 02, 4D, 6D, 43, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031f902f 16 bytes [00, 1C, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074d51f0e 7 bytes JMP 0000000171f03550 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074d55bad 7 bytes JMP 0000000171f037f0 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074d61409 7 bytes JMP 0000000171f03650 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074d6ea45 7 bytes JMP 0000000171f03540 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074df8e24 7 bytes JMP 0000000171f03310 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074df8ea9 5 bytes JMP 0000000171f033c0 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074df91ff 5 bytes JMP 0000000171f03320 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000760c8b9a 5 bytes JMP 0000000171f02c60 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000760d4c48 5 bytes JMP 0000000171f03030 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000760d6bdc 5 bytes JMP 0000000171f030a0 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076127bec 5 bytes JMP 0000000171f03020 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d7e96b 5 bytes JMP 0000000171f02cd0 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d7eba5 5 bytes JMP 0000000171f02ce0 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e95ea5 5 bytes JMP 0000000171f02c20 .text C:\Windows\SysWOW64\ntdll.dll[2044] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ec9d0b 5 bytes JMP 0000000171f02bb0 .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000713f1a22 2 bytes [3F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000713f1ad0 2 bytes [3F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000713f1b08 2 bytes [3F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000713f1bba 2 bytes [3F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000713f1bda 2 bytes [3F, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074d51f0e 7 bytes JMP 0000000171f03550 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074d55bad 7 bytes JMP 0000000171f037f0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074d61409 7 bytes JMP 0000000171f03650 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074d6ea45 7 bytes JMP 0000000171f03540 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074df8e24 7 bytes JMP 0000000171f03310 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074df8ea9 5 bytes JMP 0000000171f033c0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074df91ff 5 bytes JMP 0000000171f03320 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000761c1d1b 5 bytes JMP 0000000171f032b0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000761c1dc9 5 bytes JMP 0000000171f03270 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000761c2aa4 5 bytes JMP 0000000171f033d0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000761c2d0a 5 bytes JMP 0000000171f030b0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000760c8b9a 5 bytes JMP 0000000171f02c60 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000760d4c48 5 bytes JMP 0000000171f03030 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000760d6bdc 5 bytes JMP 0000000171f030a0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076127bec 5 bytes JMP 0000000171f03020 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d7e96b 5 bytes JMP 0000000171f02cd0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d7eba5 5 bytes JMP 0000000171f02ce0 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e95ea5 5 bytes JMP 0000000171f02c20 .text C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe[2968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ec9d0b 5 bytes JMP 0000000171f02bb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074d51f0e 7 bytes JMP 0000000171f03550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074d55bad 7 bytes JMP 0000000171f037f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074d61409 7 bytes JMP 0000000171f03650 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074d6ea45 7 bytes JMP 0000000171f03540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074df8e24 7 bytes JMP 0000000171f03310 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074df8ea9 5 bytes JMP 0000000171f033c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074df91ff 5 bytes JMP 0000000171f03320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000761c1d1b 5 bytes JMP 0000000171f032b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000761c1dc9 5 bytes JMP 0000000171f03270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000761c2aa4 5 bytes JMP 0000000171f033d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000761c2d0a 5 bytes JMP 0000000171f030b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000760c8b9a 5 bytes JMP 0000000171f02c60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000760d4c48 5 bytes JMP 0000000171f03030 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000760d6bdc 5 bytes JMP 0000000171f030a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076127bec 5 bytes JMP 0000000171f03020 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d7e96b 5 bytes JMP 0000000171f02cd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d7eba5 5 bytes JMP 0000000171f02ce0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e95ea5 5 bytes JMP 0000000171f02c20 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ec9d0b 5 bytes JMP 0000000171f02bb0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074d51f0e 7 bytes JMP 0000000171f03550 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074d55bad 7 bytes JMP 0000000171f037f0 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074d61409 7 bytes JMP 0000000171f03650 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074d6ea45 7 bytes JMP 0000000171f03540 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074df8e24 7 bytes JMP 0000000171f03310 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074df8ea9 5 bytes JMP 0000000171f033c0 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074df91ff 5 bytes JMP 0000000171f03320 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000760c8b9a 5 bytes JMP 0000000171f02c60 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000760d4c48 5 bytes JMP 0000000171f03030 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000760d6bdc 5 bytes JMP 0000000171f030a0 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076127bec 5 bytes JMP 0000000171f03020 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e95ea5 5 bytes JMP 0000000171f02c20 .text C:\Program Files (x86)\Steam\Steam.exe[3896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ec9d0b 5 bytes JMP 0000000171f02bb0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074d51f0e 7 bytes JMP 0000000171f03550 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074d55bad 7 bytes JMP 0000000171f037f0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074d61409 7 bytes JMP 0000000171f03650 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074d6ea45 7 bytes JMP 0000000171f03540 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074df8e24 7 bytes JMP 0000000171f03310 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074df8ea9 5 bytes JMP 0000000171f033c0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074df91ff 5 bytes JMP 0000000171f03320 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000761c1d1b 5 bytes JMP 0000000171f032b0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000761c1dc9 5 bytes JMP 0000000171f03270 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000761c2aa4 5 bytes JMP 0000000171f033d0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000761c2d0a 5 bytes JMP 0000000171f030b0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d7e96b 5 bytes JMP 0000000171f02cd0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d7eba5 5 bytes JMP 0000000171f02ce0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000760c8b9a 5 bytes JMP 0000000171f02c60 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000760d4c48 5 bytes JMP 0000000171f03030 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000760d6bdc 5 bytes JMP 0000000171f030a0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076127bec 5 bytes JMP 0000000171f03020 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075e95ea5 5 bytes JMP 0000000171f02c20 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075ec9d0b 5 bytes JMP 0000000171f02bb0 .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007711fcb0 5 bytes JMP 000000010016091c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007711fe14 5 bytes JMP 0000000100160048 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007711fea8 5 bytes JMP 00000001001602ee .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077120004 5 bytes JMP 00000001001604b2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077120038 5 bytes JMP 00000001001609fe .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077120068 5 bytes JMP 0000000100160ae0 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077120084 5 bytes JMP 0000000100020050 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007712079c 5 bytes JMP 000000010016012a .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007712088c 5 bytes JMP 0000000100160758 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000771208a4 5 bytes JMP 0000000100160676 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077120df4 5 bytes JMP 00000001001603d0 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077121920 5 bytes JMP 0000000100160594 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077121be4 5 bytes JMP 000000010016083a .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077121d70 5 bytes JMP 000000010016020c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 00000000761c549c 5 bytes JMP 00000001002c0800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000761115ea 7 bytes JMP 000000010017059e .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000074d1524f 7 bytes JMP 0000000100160f52 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000074d153d0 7 bytes JMP 0000000100170210 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000074d15677 1 byte JMP 0000000100170048 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000074d15679 5 bytes {JMP 0xffffffff8b45a9d1} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000074d1589a 7 bytes JMP 0000000100160ca6 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000074d15a1d 7 bytes JMP 00000001001703d8 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000074d15c9b 7 bytes JMP 000000010017012c .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000074d15d87 7 bytes JMP 00000001001702f4 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000074d17240 7 bytes JMP 0000000100160e6e .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3744] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076401465 2 bytes [40, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764014bb 2 bytes [40, 76] .text ... * 2 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000074d51f0e 7 bytes JMP 0000000171f03550 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000074d55bad 7 bytes JMP 0000000171f037f0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074d61409 7 bytes JMP 0000000171f03650 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000074d6ea45 7 bytes JMP 0000000171f03540 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000074df8e24 7 bytes JMP 0000000171f03310 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000074df8ea9 5 bytes JMP 0000000171f033c0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000074df91ff 5 bytes JMP 0000000171f03320 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000761c1d1b 5 bytes JMP 0000000171f032b0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000761c1dc9 5 bytes JMP 0000000171f03270 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000761c2aa4 5 bytes JMP 0000000171f033d0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000761c2d0a 5 bytes JMP 0000000171f030b0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075d7e96b 5 bytes JMP 0000000171f02cd0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075d7eba5 5 bytes JMP 0000000171f02ce0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000760c8b9a 5 bytes JMP 0000000171f02c60 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000760d4c48 5 bytes JMP 0000000171f03030 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000760d6bdc 5 bytes JMP 0000000171f030a0 .text C:\Users\USER\Desktop\jdjwmiih.exe[5236] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076127bec 5 bytes JMP 0000000171f03020 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [2044:1032] 0000000000331c24 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4556:4748] 000007fefb232a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4556:4888] 000007fef8565124 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----