GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-22 21:46:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: fr42djzk.exe; Driver: C:\Users\USER\AppData\Local\Temp\aftcaaob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\system32\services.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\system32\winlogon.exe[732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\System32\svchost.exe[348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\system32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\Explorer.EXE[1400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2012] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files\IDT\WDM\AESTSr64.exe[1076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\system32\hasplms.exe[2416] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[2708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe[2776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe[2224] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe[3656] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files\DellTPad\Apoint.exe[4020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\System32\rundll32.exe[4036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[4084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files\DellTPad\ApMsgFwd.exe[3888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[3688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2232] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DellTPad\Apntex.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Windows\system32\conhost.exe[4120] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000068b511a8 2 bytes [B5, 68] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000068b5127d 2 bytes CALL 754714b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000068b51310 2 bytes CALL 754714b9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000068b513a8 2 bytes [B5, 68] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000068b51422 2 bytes [B5, 68] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4396] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000068b51498 2 bytes [B5, 68] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe[4816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe[5004] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[5020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5028] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2396] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075478769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2396] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[3736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\updater.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6184] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\5\plugin.exe[6628] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\2\plugin.exe[6636] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[6648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[7080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f0efcd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075d71401 2 bytes JMP 7549b1ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075d71419 2 bytes JMP 7549b31a C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075d71431 2 bytes JMP 75518f09 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075d7144a 2 bytes CALL 75474885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075d714dd 2 bytes JMP 75518802 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075d714f5 2 bytes JMP 755189d8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075d7150d 2 bytes JMP 755186f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075d71525 2 bytes JMP 75518ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075d7153d 2 bytes JMP 7548fc78 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075d71555 2 bytes JMP 754968bf C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075d7156d 2 bytes JMP 75518fc1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075d71585 2 bytes JMP 75518b22 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075d7159d 2 bytes JMP 755186bc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075d715b5 2 bytes JMP 7548fd11 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075d715cd 2 bytes JMP 7549b2b0 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075d716b2 2 bytes JMP 75518e84 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[7100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075d716bd 2 bytes JMP 75518651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5200] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] .text C:\Users\USER\Desktop\fr42djzk.exe[6000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007549a2cd 1 byte [62] ---- Processes - GMER 2.1 ---- Process C:\Users\USER\AppData\Roaming\Gameo\gameo.exe (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Gameo\gameo.exe [4624](2015-04-19 09:58: 0000000000020000 Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqm9pp_.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004](2015-04-22 18:50:37) 0000000004f70000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:23) 00000000685c0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (ICU I18N DLL/The ICU Project)(2015-04-19 17:39:24) 000000004a900000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (ICU Common DLL/The ICU Project)(2015-04-19 17:39:24) 0000000005e50000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (ICU Data DLL/The ICU Project)(2015-04-19 17:39:24) 000000004ad00000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000065f90000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:23) 0000000063e10000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004](2015-04-19 17:39:24) 00000000684c0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:23) 00000000682e0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000060660000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 00000000638e0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000060400000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 00000000675e0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004](2015-04-19 17:39:24) 00000000682c0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 00000000675b0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000067210000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-04-19 17:39:24) 0000000066ca0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004](2015-04-19 17:39:24) 0000000065eb0000 Library C:\Users\USER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe [5004](2015-04-19 17:39:24) 0000000066b90000 Process C:\Users\USER\AppData\Roaming\Gameo\gameo.exe (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Gameo\gameo.exe [4996](2015-04-19 09:58: 0000000000020000 Process C:\Users\USER\AppData\Roaming\Gameo\gameo.exe (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Gameo\gameo.exe [932](2015-04-19 09:58:06 0000000000020000 Process C:\Users\USER\AppData\Roaming\Gameo\gameo.exe (*** suspicious ***) @ C:\Users\USER\AppData\Roaming\Gameo\gameo.exe [6024](2015-04-19 09:58: 0000000000020000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5FC400FA-9613-4E37-A3D4-319598158B96}\Connection@Name isatap.{A0708728-3BDD-4FCC-9DAE-D67914576A09} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{21F8D639-C8A8-4E44-AF91-D1A0CE70F9CF}?\Device\{BB9930FF-32B8-4E2A-8C23-EE063D6575F5}?\Device\{47FBCB38-AAE8-4B7F-BAB7-4893395636AF}?\Device\{5FC400FA-9613-4E37-A3D4-319598158B96}?\Device\{773AFB61-0772-4569-83E9-EB5C7DA56FF5}?\Device\{51E7A277-EFCA-4D22-AAAD-FF18F9F668E2}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{21F8D639-C8A8-4E44-AF91-D1A0CE70F9CF}"?"{BB9930FF-32B8-4E2A-8C23-EE063D6575F5}"?"{47FBCB38-AAE8-4B7F-BAB7-4893395636AF}"?"{5FC400FA-9613-4E37-A3D4-319598158B96}"?"{773AFB61-0772-4569-83E9-EB5C7DA56FF5}"?"{51E7A277-EFCA-4D22-AAAD-FF18F9F668E2}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{21F8D639-C8A8-4E44-AF91-D1A0CE70F9CF}?\Device\TCPIP6TUNNEL_{BB9930FF-32B8-4E2A-8C23-EE063D6575F5}?\Device\TCPIP6TUNNEL_{47FBCB38-AAE8-4B7F-BAB7-4893395636AF}?\Device\TCPIP6TUNNEL_{5FC400FA-9613-4E37-A3D4-319598158B96}?\Device\TCPIP6TUNNEL_{773AFB61-0772-4569-83E9-EB5C7DA56FF5}?\Device\TCPIP6TUNNEL_{51E7A277-EFCA-4D22-AAAD-FF18F9F668E2}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289a72f46 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773726306c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773733b3a4 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5FC400FA-9613-4E37-A3D4-319598158B96}@InterfaceName isatap.{A0708728-3BDD-4FCC-9DAE-D67914576A09} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5FC400FA-9613-4E37-A3D4-319598158B96}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289a72f46 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773726306c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773733b3a4 (not active ControlSet) ---- EOF - GMER 2.1 ----