GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2018-06-26 16:32:40 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 ST9500325AS rev.0001SDM1 465,76GB Running: gmer_ydlgi9ro.exe; Driver: C:\Users\ADMINI~2\AppData\Local\Temp\pxldrpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Windows\system32\dwm.exe[792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd9431d050 7 bytes JMP 00007ffd93de0500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd9434b160 5 bytes JMP 00007ffd93de0538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[864] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Windows\system32\taskhostex.exe[1832] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2580] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Program Files\NoVirusThanks\EXE Radar Pro\EXERadar.exe[4184] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!BaseThreadInitThunk 00007ffd95f213b0 13 bytes {MOV R11, 0x7ffd6be3e4e0; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!SetUnhandledExceptionFilter 00007ffd95f247d0 13 bytes {MOV R11, 0x7ffd65c88050; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!SendMessageTimeoutW 00007ffd968c45d0 13 bytes {MOV R11, 0x7ffd65c539d4; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!GetWindowInfo 00007ffd968c80f0 13 bytes {MOV R11, 0x7ffd65667a74; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\user32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Program Files\Mozilla Firefox\firefox.exe[4492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!BaseThreadInitThunk 00007ffd95f213b0 13 bytes {MOV R11, 0x7ffd6be3e4e0; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93de0260 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93de0298 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93de0340 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93de02d0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93de0308 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93de01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93de0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93de0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93de00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93de0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93de0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93de01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff715f8} .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\user32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93de0458 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\user32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93de03e8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93de0378 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd50be88} .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\user32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93de03b0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\user32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93de0420 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93de0490 .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6cef90} .text C:\Program Files\Mozilla Firefox\firefox.exe[4872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93de04c8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!BaseThreadInitThunk 00007ffd95f213b0 13 bytes {MOV R11, 0x7ffd6be3e4e0; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93dc0260 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93dc0298 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93dc0340 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93dc02d0 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93dc0308 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93dc01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93dc0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93dc0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93dc00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93dc0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93dc0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93dc01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff515f8} .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\user32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93dc0458 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\user32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93dc03e8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93dc0378 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd4ebe88} .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\user32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93dc03b0 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\user32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93dc0420 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93dc0490 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6aef90} .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93dc04c8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd9431d050 7 bytes JMP 00007ffd93dc0500 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd9434b160 5 bytes JMP 00007ffd93dc0538 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory 00007ffd90cc7750 5 bytes JMP 00007ffd90cb00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory1 00007ffd90cc8ee0 5 bytes JMP 00007ffd90cb0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[2956] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory2 00007ffd90ccc650 5 bytes JMP 00007ffd90cb0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!BaseThreadInitThunk 00007ffd95f213b0 13 bytes {MOV R11, 0x7ffd6be3e4e0; JMP R11} .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd95f23e10 7 bytes JMP 00007ffd93dc0260 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd95f23e20 7 bytes JMP 00007ffd93dc0298 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd95fd39b0 7 bytes JMP 00007ffd93dc0340 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd95fd3ef0 7 bytes JMP 00007ffd93dc02d0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd95fd3fe0 7 bytes JMP 00007ffd93dc0308 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd960006c0 7 bytes JMP 00007ffd93dc01f0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd96000730 7 bytes JMP 00007ffd93dc0228 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd93df21d0 5 bytes JMP 00007ffd93dc0180 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd93df29d0 7 bytes JMP 00007ffd93dc00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd93df4310 5 bytes JMP 00007ffd93dc0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd93df8c40 5 bytes JMP 00007ffd93dc0148 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd93e6ebc0 1 byte JMP 00007ffd93dc01b8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW + 2 00007ffd93e6ebc2 3 bytes {JMP 0xfffffffffff515f8} .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\user32.dll!CreateWindowExW 00007ffd968c9920 10 bytes JMP 00007ffd93dc0458 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\user32.dll!EnumDisplayDevicesW 00007ffd968d4430 5 bytes JMP 00007ffd93dc03e8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd968d44f0 1 byte JMP 00007ffd93dc0378 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ffd968d44f2 7 bytes {JMP 0xfffffffffd4ebe88} .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\user32.dll!EnumDisplayDevicesA 00007ffd968e3b80 5 bytes JMP 00007ffd93dc03b0 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\user32.dll!ChangeDisplaySettingsExW 00007ffd968e5cd0 5 bytes JMP 00007ffd93dc0420 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd96711500 1 byte JMP 00007ffd93dc0490 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd96711502 6 bytes {JMP 0xfffffffffd6aef90} .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd96711750 8 bytes JMP 00007ffd93dc04c8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd9431d050 7 bytes JMP 00007ffd93dc0500 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd9434b160 5 bytes JMP 00007ffd93dc0538 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory 00007ffd90cc7750 5 bytes JMP 00007ffd90cb00d8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory1 00007ffd90cc8ee0 5 bytes JMP 00007ffd90cb0110 .text C:\Program Files\Mozilla Firefox\firefox.exe[4508] C:\Windows\SYSTEM32\dxgi.dll!CreateDXGIFactory2 00007ffd90ccc650 5 bytes JMP 00007ffd90cb0148 .text C:\Users\eclipse\Downloads\gmer_ydlgi9ro.exe[4024] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000726e1003 2 bytes [6E, 72] .text C:\Users\eclipse\Downloads\gmer_ydlgi9ro.exe[4024] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000726e1016 2 bytes [6E, 72] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [488:512] fffff9600091a2d0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x0F 0x28 0x3B 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x43 0x51 0x9D 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x95 0xB1 0x44 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xC8 0xDA 0xA6 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US 1851 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO26EC0_01_07D9_65^8C35842E00795679DA68617EE50115F9@Timestamp 0x00 0x76 0x46 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3875628 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2096207645 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 1852 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 538775563 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4498 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3528 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f48fecbb-0808-4425-a06a-12bee46 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158343ffad Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158343ffad@34c3ac0e299a 0x90 0xAF 0x3B 0x7C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Wt?, ?cze ?26 ?18, 01:46:07??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 25574 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 20334 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 1827 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112B85F5-8E10-4E7D-A679-D919464809FA}@LeaseObtainedTime 1530013440 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112B85F5-8E10-4E7D-A679-D919464809FA}@T1 1530014340 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112B85F5-8E10-4E7D-A679-D919464809FA}@T2 1530015015 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{112B85F5-8E10-4E7D-A679-D919464809FA}@LeaseTerminatesTime 1530015240 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}@LeaseObtainedTime 1530013440 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}@T1 1530014340 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}@T2 1530015015 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63984120-4D28-4093-9090-707806B61C6F}@LeaseTerminatesTime 1530015240 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99959E15-0FF6-4D2D-8F5A-FA6237A0B5D7}@LeaseObtainedTime 1530013440 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99959E15-0FF6-4D2D-8F5A-FA6237A0B5D7}@T1 1530014340 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99959E15-0FF6-4D2D-8F5A-FA6237A0B5D7}@T2 1530015015 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{99959E15-0FF6-4D2D-8F5A-FA6237A0B5D7}@LeaseTerminatesTime 1530015240 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\eclipse\Documents\adt-bundle-windows-x86-20140624\adt-bundle-windows-x86-20140624\sdk\tools\lib\monitor-x86\features\com.android.ide.eclipse.hierarchyviewer.feature_23.0.0.1245622\META-INF\maven\adt.group\com.android.ide.eclipse.hierarchyviewer.feature\pom.properties 151 bytes File C:\Users\eclipse\Documents\adt-bundle-windows-x86-20140624\adt-bundle-windows-x86-20140624\sdk\tools\lib\monitor-x86\features\com.android.ide.eclipse.hierarchyviewer.feature_23.0.0.1245622\META-INF\maven\adt.group\com.android.ide.eclipse.hierarchyviewer.feature\pom.xml 686 bytes File C:\Users\eclipse\Documents\adt-bundle-windows-x86-20140624\adt-bundle-windows-x86-20140624\sdk\tools\lib\monitor-x86_64\features\com.android.ide.eclipse.hierarchyviewer.feature_23.0.0.1245622\META-INF\maven\adt.group\com.android.ide.eclipse.hierarchyviewer.feature\pom.properties 151 bytes File C:\Users\eclipse\Documents\adt-bundle-windows-x86-20140624\adt-bundle-windows-x86-20140624\sdk\tools\lib\monitor-x86_64\features\com.android.ide.eclipse.hierarchyviewer.feature_23.0.0.1245622\META-INF\maven\adt.group\com.android.ide.eclipse.hierarchyviewer.feature\pom.xml 686 bytes File C:\Users\eclipse\Documents\adt-bundle-windows-x86-20140624\adt-bundle-windows-x86-20140624\sdk\tools\lib\monitor-x86_64\p2\org.eclipse.equinox.p2.engine\profileRegistry\DefaultProfile.profile\.data\org.eclipse.equinox.internal.p2.touchpoint.eclipse.actions\jvmargs 75 bytes ---- EOF - GMER 2.2 ----