GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-07-09 17:04:00
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: xs78lhv1.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\pwddypow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\WINDOWS\system32\dwm.exe[416] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a90500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a90538
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[736] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a70260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a70298
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a70340
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a702d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a70308
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a701f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a70228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a70180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a700d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a70110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a70148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a701b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a70420
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd3e9690}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a703e8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a70378
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a70458
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a703b0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a70490
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff76ef90}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a704c8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffb8f2bead0 5 bytes JMP 00007ffb99a705a8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffb8f2eeb90 6 bytes JMP 00007ffb99a70570
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a70500
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2912] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a70538
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\WINDOWS\system32\taskhostex.exe[2996] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[664] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a90500
.text C:\WINDOWS\system32\igfxEM.exe[4252] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a90538
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a90500
.text C:\WINDOWS\system32\igfxHK.exe[4272] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a90538
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\Windows\System32\SettingSyncHost.exe[4580] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a90500
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a90538
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\Windows\System32\skydrive.exe[4852] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a90500
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3052] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a90538
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffb9a6b3e10 7 bytes JMP 00007ffc99a90260
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffb9a6b3e20 7 bytes JMP 00007ffc99a90298
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffb9a7639b0 7 bytes JMP 00007ffc99a90340
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffb9a763ef0 7 bytes JMP 00007ffc99a902d0
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffb9a763fe0 7 bytes JMP 00007ffc99a90308
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffb9a7906c0 7 bytes JMP 00007ffc99a901f0
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffb9a790730 7 bytes JMP 00007ffc99a90228
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffb99af21d0 5 bytes JMP 00007ffc99a90180
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffb99af29d0 7 bytes JMP 00007ffc99a900d8
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffb99af4310 5 bytes JMP 00007ffc99a90110
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffb99af8d80 5 bytes JMP 00007ffc99a90148
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffb99b6f0b0 5 bytes JMP 00007ffc99a901b8
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffb9aa8d050 7 bytes JMP 00007ffc99a90500
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffb9aabb170 5 bytes JMP 00007ffc99a90538
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffb9c686d90 1 byte JMP 00007ffc99a90420
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffb9c686d92 8 bytes {JMP 0xfffffffffd409690}
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffb9c6974a0 5 bytes JMP 00007ffc99a903e8
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffb9c697560 9 bytes JMP 00007ffc99a90378
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffb9c697730 5 bytes JMP 00007ffc99a90458
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffb9c6a6b10 5 bytes JMP 00007ffc99a903b0
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffb9a301500 1 byte JMP 00007ffc99a90490
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffb9a301502 6 bytes {JMP 0xffffffffff78ef90}
.text C:\WINDOWS\system32\wuauclt.exe[5320] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffb9a301750 8 bytes JMP 00007ffc99a904c8

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [744:768] fffff960009522d0
Thread C:\Windows\System32\SettingSyncHost.exe [4580:4700] 00007ffb91907090
Thread C:\Windows\System32\SettingSyncHost.exe [4580:4848] 00007ffb8e387470
Thread C:\WINDOWS\SysWOW64\msiexec.exe [5388:5428] 000000007f91392e
Thread C:\WINDOWS\SysWOW64\msiexec.exe [5516:5532] 000000007f9d392e

---- Processes - GMER 2.1 ----

Process C:\ProgramData\MobileBrServ\mbbservice.exe (*** suspicious ***) @ C:\ProgramData\MobileBrServ\mbbservice.exe [2308](2014-11-01 10:05:27) 0000000000f10000
Process C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [2616] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 12:48:18) 0000000000400000
Process C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (*** suspicious ***) @ C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [5860] (SW Update Agent/Samsung Electronics CO., LTD.)(2013-10-21 19:07:30) 0000000000b80000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
