GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-14 15:47:14 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF4O 698,64GB Running: 6uzz6s53.exe; Driver: C:\Users\Masa\AppData\Local\Temp\uxrirpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe[1852] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 00000001034e8f20 .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IGS\OptimizerMonitor.exe[2608] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe[4232] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 00000001004c8f20 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 00000001004c8f20 .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BRT.Helper.exe[3296] C:\Windows\syswow64\KERNEL32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 0000000100d18f20 .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.BOASHelper.exe[5000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe[1104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe[5396] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Users\Masa\AppData\Local\SmartWeb\SmartWebHelper.exe[4916] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 0000000100188f20 .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 00000001007b8f20 .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b11401 2 bytes JMP 773db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b11419 2 bytes JMP 773db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b11431 2 bytes JMP 77458ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b1144a 2 bytes CALL 773b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b114dd 2 bytes JMP 774587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b114f5 2 bytes JMP 77458978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b1150d 2 bytes JMP 77458698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b11525 2 bytes JMP 77458a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b1153d 2 bytes JMP 773cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b11555 2 bytes JMP 773d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b1156d 2 bytes JMP 77458f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b11585 2 bytes JMP 77458ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b1159d 2 bytes JMP 7745865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b115b5 2 bytes JMP 773cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b115cd 2 bytes JMP 773db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b116b2 2 bytes JMP 77458e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\StormWatch\StormWatchApp.exe[1180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b116bd 2 bytes JMP 774585f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Masa\AppData\Local\SmartWeb\SmartWebApp.exe[3468] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007742b2fe 5 bytes JMP 0000000101eb8f20 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!free] [10000000000] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_U@YAPEAX_K@Z] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!??_V@YAXPEAX@Z] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_XcptFilter] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!malloc] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_initterm] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!realloc] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_unlock] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!__dllonexit] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcpy] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memset] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ultow_s] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_vsnwprintf] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_amsg_exit] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!memcmp] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_lock] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_onexit] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[msvcrt.dll!_ui64tow_s] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlLookupFunctionEntry] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCaptureContext] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlInitUnicodeString] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlMapGenericMask] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateAcl] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlAddAccessAllowedAce] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlCreateSecurityDescriptor] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlSetDaclSecurityDescriptor] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ntdll.dll!RtlVirtualUnwind] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaOpenPolicy] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!CopySid] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaLookupNames2] [4862844c69bf] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaClose] [ffffb79d7bb39640] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetTokenInformation] [7fef88e5ec0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetAclInformation] [7fef88d2ed0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetAce] [7fef88d45e0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!OpenProcessToken] [7fef88e0ce8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegOpenKeyExW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegCloseKey] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!RegQueryValueExW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetNamedSecurityInfoW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetSecurityDescriptorControl] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!IsValidSid] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!EqualSid] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!GetLengthSid] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[ADVAPI32.dll!LsaFreeMemory] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[USER32.dll!CopyImage] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[USER32.dll!LoadStringW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[USER32.dll!ReleaseDC] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[USER32.dll!GetDC] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateDIBSection] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteDC] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetBitmapBits] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!CreateCompatibleDC] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!SelectObject] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!BitBlt] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!GetObjectW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[GDI32.dll!DeleteObject] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetTemporaryPropertyForItem] [7fef88d45b0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHGetFolderPathAndSubDirW] [7fef88e0d3c] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHELL32.dll!SHChangeNotify] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!StrCmpNIW] [7fef88d45f0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathFindExtensionW] [7fef88e0d18] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHRegGetValueW] [7fef88d3360] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHCreateStreamOnFileW] [7fef88e0ce8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathCombineW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathRemoveFileSpecW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsNetworkPathW] [7fef88d3650] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathStripToRootW] [7fef88d45a0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathSkipRootW] [7fef88e0ce8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathAppendW] [7fef88e0d18] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHGetValueW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsRootW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!PathIsUNCW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[SHLWAPI.dll!SHStrDupW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessHeap] [7fef88e0d3c] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!HeapFree] [7fef88e0d18] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DisableThreadLibraryCalls] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryW] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FreeLibrary] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetLastError] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LoadLibraryExA] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DelayLoadFailureHook] [ffffffffffffffff] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CloseHandle] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!lstrlenW] [7fef88d57f8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LCMapStringW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentThreadId] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileAttributesW] [7fef88d56a8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateDirectoryW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindFirstFileW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DeleteFileW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindNextFileW] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!FindClose] [7fef88d5690] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RemoveDirectoryW] [1] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDiskFreeSpaceExW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTempFileNameW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MoveFileExW] [7fef88d5680] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetVolumeInformationW] [7fef88d5660] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetDriveTypeW] [2] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MulDiv] [1] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileSize] [7fef88d5680] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!RaiseException] [7fef88d5630] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFilePointer] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WriteFile] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEndOfFile] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetTickCount] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileAttributesW] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnmapViewOfFile] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!Sleep] [7fef88d55f0] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!QueryPerformanceCounter] [7] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcessId] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemTimeAsFileTime] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!TerminateProcess] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetCurrentProcess] [7fef88d55c8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!UnhandledExceptionFilter] [8] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetUnhandledExceptionFilter] [1] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalAlloc] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!DuplicateHandle] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!LocalFree] [7fef88d55a8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetModuleHandleW] [9] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SystemTimeToFileTime] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!OpenProcess] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcessId] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateMutexW] [7fef88d5588] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateEventW] [a] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ReleaseMutex] [32] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetEvent] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!ResetEvent] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!CreateFileMappingW] [7fef88d5568] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!MapViewOfFile] [b] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetFileInformationByHandleEx] [1f4] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!SetFileInformationByHandle] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!WaitForSingleObject] [7fef88d56d8] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetSystemInfo] [7fef88d5550] C:\Windows\system32\thumbcache.dll IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[PSAPI.DLL!QueryWorkingSetEx] [0] IAT C:\Windows\explorer.exe[6140] @ C:\Windows\system32\thumbcache.dll[PROPSYS.dll!PropVariantToUInt64] [7fef88d56d8] C:\Windows\system32\thumbcache.dll ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [5352:5792] 000007fef16e9688 ---- Processes - GMER 2.1 ---- Process C:\Users\Masa\AppData\Local\ConvertAd\CASrv.exe (*** suspicious ***) @ C:\Users\Masa\AppData\Local\ConvertAd\CASrv.exe [1548](2015-02-0 0000000001250000 Process C:\Users\Masa\AppData\Roaming\VOPackage\VOsrv.exe (*** suspicious ***) @ C:\Users\Masa\AppData\Roaming\VOPackage\VOsrv.exe [2572](2 0000000000f10000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\012197000000 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\012197000000 (not active ControlSet) ---- EOF - GMER 2.1 ----