GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-09 13:55:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: hck7hrbj.exe; Driver: C:\Users\Maciej\AppData\Local\Temp\kwrdrpog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                  000000007707a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                0000000077083f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                 000000007709ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                           00000000770af2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                         00000000770d9a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                         00000000770e94c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                  00000000771087e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                   000007fefd122db0 5 bytes JMP 000007fffd110180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                              000007fefd1237d0 7 bytes JMP 000007fffd1100d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                000007fefd128ef0 6 bytes JMP 000007fffd110148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                            000007fefd13af60 5 bytes JMP 000007fffd110110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                             000007feff5089f0 8 bytes JMP 000007fffd1101f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                           000007feff50be50 8 bytes JMP 000007fffd1101b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                   000007fefddb7490 11 bytes JMP 000007fffd110228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                  000007fefddcbf00 7 bytes JMP 000007fffd110260
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                000007fefd122db0 5 bytes JMP 000007fffd110180
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                           000007fefd1237d0 7 bytes JMP 000007fffd1100d8
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                             000007fefd128ef0 6 bytes JMP 000007fffd110148
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                         000007fefd13af60 5 bytes JMP 000007fffd110110
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                          000007feff5089f0 8 bytes JMP 000007fffd1101f0
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                        000007feff50be50 8 bytes JMP 000007fffd1101b8
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                                                000007fef7a5dc88 5 bytes JMP 000007fff78500d8
.text    C:\Windows\system32\Dwm.exe[1924] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                                               000007fef7a5de10 5 bytes JMP 000007fff7850110
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                     0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                       0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                       0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                      0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                              0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                              0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                   0000000075351d29 5 bytes JMP 0000000172323b00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                 0000000075351dd7 5 bytes JMP 0000000172323ab0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                     0000000075352ab1 5 bytes JMP 0000000172323c10
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                        0000000075352d17 5 bytes JMP 0000000172323890
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                        0000000076468a29 5 bytes JMP 0000000172323370
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                    0000000076474572 5 bytes JMP 0000000172323810
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                    000000007648e567 5 bytes JMP 0000000172323880
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                               00000000764b07d7 5 bytes JMP 0000000172323280
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                             00000000764c7a5c 5 bytes JMP 0000000172323800
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                000000007513e96b 5 bytes JMP 00000001723233e0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                  000000007513eba5 5 bytes JMP 00000001723233f0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                       00000000769e5ea5 5 bytes JMP 0000000172323320
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                        0000000076a19d0b 5 bytes JMP 00000001723232b0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               0000000075331465 2 bytes [33, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000753314bb 2 bytes [33, 75]
.text    ...                                                                                                                                                                                                             * 2
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                         0000000072251a22 2 bytes [25, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                         0000000072251ad0 2 bytes [25, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                         0000000072251b08 2 bytes [25, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                         0000000072251bba 2 bytes [25, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                         0000000072251bda 2 bytes [25, 72]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  0000000075331465 2 bytes [33, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 00000000753314bb 2 bytes [33, 75]
.text    ...                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                            000007fefd122db0 5 bytes JMP 000007fffd110180
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                       000007fefd1237d0 7 bytes JMP 000007fffd1100d8
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                         000007fefd128ef0 6 bytes JMP 000007fffd110148
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                     000007fefd13af60 5 bytes JMP 000007fffd110110
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                      000007feff5089f0 8 bytes JMP 000007fffd1101f0
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                    000007feff50be50 8 bytes JMP 000007fffd1101b8
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                            000007fefddb7490 11 bytes JMP 000007fffd110228
.text    C:\Windows\system32\taskeng.exe[2084] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                           000007fefddcbf00 7 bytes JMP 000007fffd110260
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                    000000007707a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                  0000000077083f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                   000000007709ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                             00000000770af2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                           00000000770d9a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                           00000000770e94c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                    00000000771087e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                     000007fefd122db0 5 bytes JMP 000007fffd0a0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                000007fefd1237d0 7 bytes JMP 000007fffd0a00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                  000007fefd128ef0 6 bytes JMP 000007fffd0a0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                              000007fefd13af60 5 bytes JMP 000007fffd0a0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                               000007feff5089f0 8 bytes JMP 000007fffd0a01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2384] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                             000007feff50be50 8 bytes JMP 000007fffd0a01b8
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                            0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                              0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                              0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                             0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                     0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                     0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                       0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                          0000000075351d29 5 bytes JMP 0000000172323b00
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                        0000000075351dd7 5 bytes JMP 0000000172323ab0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                            0000000075352ab1 5 bytes JMP 0000000172323c10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                               0000000075352d17 5 bytes JMP 0000000172323890
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                               0000000076468a29 5 bytes JMP 0000000172323370
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                           0000000076474572 5 bytes JMP 0000000172323810
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!GetMenu + 412                                                                                                 00000000764751dd 7 bytes JMP 0000000110053ac0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407                                                                                            000000007647610b 7 bytes JMP 0000000110053c10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131                                                                              000000007647c6c1 7 bytes JMP 0000000110053bf0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                           000000007648e567 5 bytes JMP 0000000172323880
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                      00000000764b07d7 5 bytes JMP 0000000172323280
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199                                                                                     00000000764bfc98 7 bytes JMP 0000000110053c60
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52                                                                                      00000000764bfcd1 7 bytes JMP 0000000110053d30
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31                                                                                            00000000764bfcf5 7 bytes JMP 0000000110053ce0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                    00000000764c7a5c 5 bytes JMP 0000000172323800
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                       000000007513e96b 5 bytes JMP 00000001723233e0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                         000000007513eba5 5 bytes JMP 00000001723233f0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      0000000075331465 2 bytes [33, 75]
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                     00000000753314bb 2 bytes [33, 75]
.text    ...                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                        0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                          0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                          0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                         0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                 0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                 0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                   0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                      0000000075351d29 5 bytes JMP 0000000172323b00
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                    0000000075351dd7 5 bytes JMP 0000000172323ab0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                        0000000075352ab1 5 bytes JMP 0000000172323c10
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                           0000000075352d17 5 bytes JMP 0000000172323890
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                   000000007513e96b 5 bytes JMP 00000001723233e0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                     000000007513eba5 5 bytes JMP 00000001723233f0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                           0000000076468a29 5 bytes JMP 0000000172323370
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                       0000000076474572 5 bytes JMP 0000000172323810
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                       000000007648e567 5 bytes JMP 0000000172323880
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                  00000000764b07d7 5 bytes JMP 0000000172323280
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                00000000764c7a5c 5 bytes JMP 0000000172323800
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                          00000000769e5ea5 5 bytes JMP 0000000172323320
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2900] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                           0000000076a19d0b 5 bytes JMP 00000001723232b0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                       0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                         0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                         0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                        0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                  0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                     0000000075351d29 5 bytes JMP 0000000172323b00
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                   0000000075351dd7 5 bytes JMP 0000000172323ab0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                       0000000075352ab1 5 bytes JMP 0000000172323c10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                          0000000075352d17 5 bytes JMP 0000000172323890
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                          0000000076468a29 5 bytes JMP 0000000172323370
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                      0000000076474572 5 bytes JMP 0000000172323810
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                      000000007648e567 5 bytes JMP 0000000172323880
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                 00000000764b07d7 5 bytes JMP 0000000172323280
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                               00000000764c7a5c 5 bytes JMP 0000000172323800
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                  000000007513e96b 5 bytes JMP 00000001723233e0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                    000000007513eba5 5 bytes JMP 00000001723233f0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                         00000000769e5ea5 5 bytes JMP 0000000172323320
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3452] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                          0000000076a19d0b 5 bytes JMP 00000001723232b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                           000000007707a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                         0000000077083f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                          000000007709ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                    00000000770af2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                  00000000770d9a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                  00000000770e94c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                           00000000771087e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                            000007fefd122db0 5 bytes JMP 000007fffd090180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                       000007fefd1237d0 7 bytes JMP 000007fffd0900d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                         000007fefd128ef0 6 bytes JMP 000007fffd090148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                     000007fefd13af60 5 bytes JMP 000007fffd090110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                            000007fefddb7490 11 bytes JMP 000007fffd090228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                           000007fefddcbf00 7 bytes JMP 000007fffd090260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                      000007feff5089f0 3 bytes JMP 000007fffd0901f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4                                                                                  000007feff5089f4 4 bytes [FD, CC, CC, CC]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                    000007feff50be50 3 bytes JMP 000007fffd0901b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4                                                                                000007feff50be54 4 bytes [FD, CC, CC, CC]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex                                                                                            000007fef3ed2460 5 bytes JMP 000007fefd0902d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3496] C:\Windows\system32\d3d9.dll!Direct3DCreate9                                                                                              000007fef3f096b0 6 bytes JMP 000007fefd090298
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                           000000007707a400 7 bytes JMP 000000016fff0228
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                         0000000077083f20 5 bytes JMP 000000016fff0180
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                          000000007709ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                    00000000770af2e0 5 bytes JMP 000000016fff0110
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                  00000000770d9a30 7 bytes JMP 000000016fff00d8
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                  00000000770e94c0 5 bytes JMP 000000016fff0148
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                           00000000771087e0 7 bytes JMP 000000016fff01f0
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                            000007fefd122db0 5 bytes JMP 000007fffd110180
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                       000007fefd1237d0 7 bytes JMP 000007fffd1100d8
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                         000007fefd128ef0 6 bytes JMP 000007fffd110148
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                     000007fefd13af60 5 bytes JMP 000007fffd110110
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                      000007feff5089f0 8 bytes JMP 000007fffd1101f0
.text    C:\Windows\system32\NOTEPAD.EXE[4056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                    000007feff50be50 8 bytes JMP 000007fffd1101b8
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                               0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                 0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                 0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                        0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                        0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4732] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                          0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                           0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                             0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                             0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                            0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                    0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                    0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                      0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                         0000000075351d29 5 bytes JMP 0000000172323b00
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                       0000000075351dd7 5 bytes JMP 0000000172323ab0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                           0000000075352ab1 5 bytes JMP 0000000172323c10
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                              0000000075352d17 5 bytes JMP 0000000172323890
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                      000000007513e96b 5 bytes JMP 00000001723233e0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                        000000007513eba5 5 bytes JMP 00000001723233f0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                              0000000076468a29 5 bytes JMP 0000000172323370
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                          0000000076474572 5 bytes JMP 0000000172323810
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                          000000007648e567 5 bytes JMP 0000000172323880
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                     00000000764b07d7 5 bytes JMP 0000000172323280
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[5028] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                   00000000764c7a5c 5 bytes JMP 0000000172323800
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                        000000007707a400 7 bytes JMP 000000016fff0228
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                      0000000077083f20 5 bytes JMP 000000016fff0180
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                       000000007709ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                 00000000770af2e0 5 bytes JMP 000000016fff0110
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                               00000000770d9a30 7 bytes JMP 000000016fff00d8
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                               00000000770e94c0 5 bytes JMP 000000016fff0148
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                        00000000771087e0 7 bytes JMP 000000016fff01f0
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                         000007fefd122db0 5 bytes JMP 000007fffd0a0180
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                    000007fefd1237d0 7 bytes JMP 000007fffd0a00d8
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                      000007fefd128ef0 6 bytes JMP 000007fffd0a0148
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                  000007fefd13af60 5 bytes JMP 000007fffd0a0110
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                   000007feff5089f0 8 bytes JMP 000007fffd0a01f0
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                 000007feff50be50 8 bytes JMP 000007fffd0a01b8
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                         000007fefddb7490 11 bytes JMP 000007fffd0a0228
.text    C:\Users\Maciej\Desktop\FRST64.exe[4996] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                        000007fefddcbf00 7 bytes JMP 000007fffd0a0260
.text    C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                             0000000075331465 2 bytes [33, 75]
.text    C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            00000000753314bb 2 bytes [33, 75]
.text    ...                                                                                                                                                                                                             * 2
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                       0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                         0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                         0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                        0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Program Files (x86)\Genius\X-G510\mousehid.exe[5704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                  0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                                  0000000076bd1f0e 7 bytes JMP 0000000172323dd0
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                                    0000000076bd5bad 7 bytes JMP 00000001723240e0
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                    0000000076be1409 7 bytes JMP 0000000172323f10
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                                   0000000076beea45 7 bytes JMP 0000000172323dc0
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                           0000000076c78e24 7 bytes JMP 0000000172323b50
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                           0000000076c78ea9 5 bytes JMP 0000000172323c00
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                             0000000076c791ff 5 bytes JMP 0000000172323b60
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                0000000075351d29 5 bytes JMP 0000000172323b00
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                              0000000075351dd7 5 bytes JMP 0000000172323ab0
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                  0000000075352ab1 5 bytes JMP 0000000172323c10
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                     0000000075352d17 5 bytes JMP 0000000172323890
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                             000000007513e96b 5 bytes JMP 00000001723233e0
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                               000000007513eba5 5 bytes JMP 00000001723233f0
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                     0000000076468a29 5 bytes JMP 0000000172323370
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                 0000000076474572 5 bytes JMP 0000000172323810
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                                 000000007648e567 5 bytes JMP 0000000172323880
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                            00000000764b07d7 5 bytes JMP 0000000172323280
.text    C:\Users\Maciej\Downloads\hck7hrbj.exe[1828] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                          00000000764c7a5c 5 bytes JMP 0000000172323800

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (*** suspicious ***) @ C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [4904] (SW Update Agent/Samsung Electronics CO., LTD.)(2013-10-21 21:07:30)  0000000000230000

---- EOF - GMER 2.1 ----
