GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-03 22:19:50
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\0000006a ST1000DM rev.CC4B 931,51GB
Running: JimmyPage.exe; Driver: C:\Users\Germain\AppData\Local\Temp\uxdirfoc.sys

---- User code sections - GMER 2.2 ----

---- EOF - GMER 2.2 ----