GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-05-01 02:14:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-08WN4A0 rev.01.01A01 931,51GB
Running: l8gljntm.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fxddypoc.sys

---- Kernel code sections - GMER 2.2 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff96000125a00 7 bytes [00, 58, F3, FF, 01, 66, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000125a08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000770b1401 2 bytes JMP 75e2b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000770b1419 2 bytes JMP 75e2b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000770b1431 2 bytes JMP 75ea9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000770b144a 2 bytes CALL 75e04885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                   * 9
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000770b14dd 2 bytes JMP 75ea8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000770b14f5 2 bytes JMP 75ea8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         00000000770b150d 2 bytes JMP 75ea8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000770b1525 2 bytes JMP 75ea8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000770b153d 2 bytes JMP 75e1fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             00000000770b1555 2 bytes JMP 75e26907 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000770b156d 2 bytes JMP 75ea9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000770b1585 2 bytes JMP 75ea8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           00000000770b159d 2 bytes JMP 75ea88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000770b15b5 2 bytes JMP 75e1fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000770b15cd 2 bytes JMP 75e2b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000770b16b2 2 bytes JMP 75ea90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\HS\HS_Svc.exe[1784]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000770b16bd 2 bytes JMP 75ea8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                     00000000753117fa 2 bytes CALL 75e011a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                 0000000075311860 2 bytes CALL 75e011a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98               0000000075311942 2 bytes JMP 76426da1 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109              000000007531194d 2 bytes JMP 7642e8de C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17       00000000770b1401 2 bytes JMP 75e2b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17         00000000770b1419 2 bytes JMP 75e2b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17       00000000770b1431 2 bytes JMP 75ea9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42       00000000770b144a 2 bytes CALL 75e04885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                   * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17          00000000770b14dd 2 bytes JMP 75ea8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17   00000000770b14f5 2 bytes JMP 75ea8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17          00000000770b150d 2 bytes JMP 75ea8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17   00000000770b1525 2 bytes JMP 75ea8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17         00000000770b153d 2 bytes JMP 75e1fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17              00000000770b1555 2 bytes JMP 75e26907 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17       00000000770b156d 2 bytes JMP 75ea9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17         00000000770b1585 2 bytes JMP 75ea8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17            00000000770b159d 2 bytes JMP 75ea88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17         00000000770b15b5 2 bytes JMP 75e1fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17       00000000770b15cd 2 bytes JMP 75e2b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20   00000000770b16b2 2 bytes JMP 75ea90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2028]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31   00000000770b16bd 2 bytes JMP 75ea8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17        00000000770b1401 2 bytes JMP 75e2b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          00000000770b1419 2 bytes JMP 75e2b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        00000000770b1431 2 bytes JMP 75ea9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        00000000770b144a 2 bytes CALL 75e04885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                   * 9
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000770b14dd 2 bytes JMP 75ea8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000770b14f5 2 bytes JMP 75ea8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           00000000770b150d 2 bytes JMP 75ea8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    00000000770b1525 2 bytes JMP 75ea8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          00000000770b153d 2 bytes JMP 75e1fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               00000000770b1555 2 bytes JMP 75e26907 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        00000000770b156d 2 bytes JMP 75ea9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          00000000770b1585 2 bytes JMP 75ea8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             00000000770b159d 2 bytes JMP 75ea88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000770b15b5 2 bytes JMP 75e1fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000770b15cd 2 bytes JMP 75e2b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000770b16b2 2 bytes JMP 75ea90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000770b16bd 2 bytes JMP 75ea8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                      00000000753117fa 2 bytes CALL 75e011a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                  0000000075311860 2 bytes CALL 75e011a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                0000000075311942 2 bytes JMP 76426da1 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\svchost.exe[3032]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109               000000007531194d 2 bytes JMP 7642e8de C:\Windows\syswow64\WS2_32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17      00000000770b1401 2 bytes JMP 75e2b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17        00000000770b1419 2 bytes JMP 75e2b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17      00000000770b1431 2 bytes JMP 75ea9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42      00000000770b144a 2 bytes CALL 75e04885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                  * 9
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17         00000000770b14dd 2 bytes JMP 75ea8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17  00000000770b14f5 2 bytes JMP 75ea8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17         00000000770b150d 2 bytes JMP 75ea8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17  00000000770b1525 2 bytes JMP 75ea8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17        00000000770b153d 2 bytes JMP 75e1fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17             00000000770b1555 2 bytes JMP 75e26907 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17      00000000770b156d 2 bytes JMP 75ea9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17        00000000770b1585 2 bytes JMP 75ea8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17           00000000770b159d 2 bytes JMP 75ea88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17        00000000770b15b5 2 bytes JMP 75e1fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17      00000000770b15cd 2 bytes JMP 75e2b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20  00000000770b16b2 2 bytes JMP 75ea90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Admin\AppData\Roaming\remcos\winmgr.exe[3980]  C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31  00000000770b16bd 2 bytes JMP 75ea8891 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000770b1401 2 bytes JMP 75e2b233 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000770b1419 2 bytes JMP 75e2b35e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000770b1431 2 bytes JMP 75ea9149 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000770b144a 2 bytes CALL 75e04885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                       * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000770b14dd 2 bytes JMP 75ea8a42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000770b14f5 2 bytes JMP 75ea8c18 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         00000000770b150d 2 bytes JMP 75ea8938 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000770b1525 2 bytes JMP 75ea8d02 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000770b153d 2 bytes JMP 75e1fcc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             00000000770b1555 2 bytes JMP 75e26907 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000770b156d 2 bytes JMP 75ea9201 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000770b1585 2 bytes JMP 75ea8d62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           00000000770b159d 2 bytes JMP 75ea88fc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000770b15b5 2 bytes JMP 75e1fd59 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000770b15cd 2 bytes JMP 75e2b2f4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000770b16b2 2 bytes JMP 75ea90c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[1148]  C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000770b16bd 2 bytes JMP 75ea8891 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.2 ----

Thread  C:\Windows\SysWOW64\svchost.exe [3032:3800]   00000000001523f1
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3804]   0000000003795486
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3808]   00000000002c14da
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3816]   0000000000242888
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3820]   0000000003d431f1
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3828]   00000000002d14ba
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3832]   0000000003fc4437
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3836]   00000000044a2807
Thread  C:\Windows\SysWOW64\svchost.exe [3032:3860]   00000000003a2a0b
Thread  C:\Windows\SysWOW64\explorer.exe [4808:4984]  0000000000081be8
Thread  C:\Windows\SysWOW64\explorer.exe [4808:4988]  00000000000836ec

---- EOF - GMER 2.2 ----